Mandriva Linux Security Advisory : subversion (MDVSA-2015:192)
High Nessus Plugin ID 82563
The remote Mandriva Linux host is missing one or more security updates.
Multiple vulnerabilities has been discovered and corrected in subversion : Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests (CVE-2015-0202). Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers (CVE-2015-0248). Subversion HTTP servers allow spoofing svn:author property values for new revisions (CVE-2015-0251). The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.