Synopsis
The remote Debian host is missing a security-related update.

Description
Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.

Solution
Upgrade the Subversion packages.
For the old stable distribution (etch), this problem has been fixed in version 1.4.2dfsg1-3.
For the stable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-4.