PublicDateAtUSN: 2015-08-05 20:00:00 UTC
Candidate: CVE-2015-3184
CRD: 2015-08-05 20:00:00 UTC
PublicDate: 2015-08-12 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184
 http://svn.haxx.se/dev/archive-2015-08/0024.shtml
 http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
 https://ubuntu.com/security/notices/USN-2721-1
Description:
 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous
 access, which allows remote anonymous users to read hidden files via the
 path name.
Ubuntu-Description:
Notes:
 mdeslaur> only an issue with httpd 2.4. Needs to be built against httpd
 mdeslaur> updated with CVE-2015-3185 fix, and needs to be forced as the
 mdeslaur> security update didn't update the API version
Bugs:
Priority: medium
Discovered-by: C. Michael Pilato
Assigned-to: mdeslaur
CVSS:

Patches_subversion:
Tags_subversion: universe-binary
upstream_subversion: needs-triage
precise_subversion: not-affected (1.6.17dfsg-3ubuntu3.4)
trusty_subversion: released (1.8.8-1ubuntu3.2)
trusty/esm_subversion: DNE (trusty was released [1.8.8-1ubuntu3.2])
vivid_subversion: released (1.8.10-5ubuntu1.1)
devel_subversion: released (1.8.13-1ubuntu2)