PublicDateAtUSN: 2014-08-05
Candidate: CVE-2014-3528
PublicDate: 2014-08-19 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
 http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
 http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
 https://ubuntu.com/security/notices/USN-2316-1
Description:
 Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10
 uses an MD5 hash of the URL and authentication realm to store cached
 credentials, which makes it easier for remote servers to obtain the
 credentials via a crafted authentication realm.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Bert Huijben
Assigned-to: mdeslaur
CVSS: 

Patches_subversion:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1605944 (1.8.x)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1615193 (1.7.x)
upstream_subversion: released (1.7.18,1.8.10)
lucid_subversion: ignored (reached end-of-life)
precise_subversion: released (1.6.17dfsg-3ubuntu3.4)
trusty_subversion: released (1.8.8-1ubuntu3.1)
trusty/esm_subversion: DNE (trusty was released [1.8.8-1ubuntu3.1])
devel_subversion: released (1.8.10-1ubuntu1)