Candidate: CVE-2013-7393
PublicDate: 2014-07-28 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7393
 https://subversion.apache.org/security/CVE-2013-4262-advisory.txt
Description:
 The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users
 to gain privileges via a symlink attack on the pid file created for (1)
 svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used.  NOTE:
 this issue was SPLIT from CVE-2013-4262 based on different affected
 versions (ADT3).
Ubuntu-Description:
Notes:
 mdeslaur> split off from CVE-2013-4262
 mdeslaur> 1.8.x only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_subversion:
upstream_subversion: released (1.8.5-1)
lucid_subversion: ignored (reached end-of-life)
precise_subversion: not-affected (1.6.17dfsg-3ubuntu3.3)
trusty_subversion: not-affected (1.8.8-1ubuntu3)
trusty/esm_subversion: DNE (trusty was not-affected [1.8.8-1ubuntu3])
devel_subversion: not-affected