Candidate: CVE-2015-5259
CRD: 2015-12-15
PublicDate: 2016-01-08 19:59:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259
Description:
 Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in
 Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute
 arbitrary code via an svn:// protocol string, which triggers a heap-based
 buffer overflow and an out-of-bounds read.
Ubuntu-Description: 
Notes: 
 mdeslaur> 1.9.0+ only
Bugs: 
Priority: medium
Discovered-by: Ivan Zhakov
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H [8.6 HIGH]

Patches_subversion:
upstream_subversion: released (1.9.3)
precise_subversion: not-affected (1.6.17dfsg-3ubuntu3.5)
trusty_subversion: not-affected (1.8.8-1ubuntu3.2)
trusty/esm_subversion: DNE (trusty was not-affected [1.8.8-1ubuntu3.2])
vivid_subversion: not-affected (1.8.10-5ubuntu1.1)
wily_subversion: not-affected (1.8.13-1ubuntu3)
devel_subversion: released (1.9.3-1ubuntu1)