PublicDateAtUSN: 2011-01-07
Candidate: CVE-2010-4539
PublicDate: 2011-01-07 19:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4539
 http://www.openwall.com/lists/oss-security/2011/01/04/8
 https://ubuntu.com/security/notices/USN-1053-1
Description:
 The walk function in repos.c in the mod_dav_svn module for the Apache HTTP
 Server, as distributed in Apache Subversion before 1.6.15, allows remote
 authenticated users to cause a denial of service (NULL pointer dereference
 and daemon crash) via vectors that trigger the walking of SVNParentPath
 collections.
Ubuntu-Description:
Notes:
 mdeslaur> in karmic and later, binary is libapache2-svn in universe
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989
 https://bugzilla.redhat.com/show_bug.cgi?id=667407
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_subversion:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1033166
upstream_subversion: released (1.6.15)
dapper_subversion: released (1.3.1-3ubuntu1.3)
hardy_subversion: released (1.4.6dfsg1-2ubuntu1.2)
karmic_subversion: released (1.6.5dfsg-1ubuntu1.1)
lucid_subversion: released (1.6.6dfsg-2ubuntu1.1)
maverick_subversion: released (1.6.12dfsg-1ubuntu1.1)
devel_subversion: not-affected (1.6.12dfsg-4ubuntu1)