Candidate: CVE-2013-4277
PublicDate: 2013-09-16 19:14:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
 http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
 http://xforce.iss.net/xforce/xfdb/86972
Description:
 Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1
 allows local users to overwrite arbitrary files or kill arbitrary processes
 via a symlink attack on the file specified by the --pid-file option.
Ubuntu-Description:
Notes:
 mdeslaur> pid file is not created by default on Ubuntu. This is only an
 mdeslaur> issue if someone specifies a pid file in an insecure location.
 mdeslaur> as such, we will not be fixing this.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721542
Priority: low
Discovered-by: Daniel Shahaf
Assigned-to: mdeslaur
CVSS:

Patches_subversion:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1516558 (1.7.x)
upstream_subversion: released (1.8.3,1.7.13)
lucid_subversion: ignored (reached end-of-life)
precise_subversion: ignored
quantal_subversion: ignored (reached end-of-life)
raring_subversion: ignored (reached end-of-life)
saucy_subversion: ignored (reached end-of-life)
trusty_subversion: not-affected (1.7.13-2ubuntu2)
trusty/esm_subversion: DNE (trusty was not-affected [1.7.13-2ubuntu2])
devel_subversion: not-affected (1.7.13-2ubuntu2)