CVE-2011-0715

Publication date 11 March 2011

Last updated 24 July 2024

Ubuntu priority

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
subversion	10.10 maverick	Fixed 1.6.12dfsg-1ubuntu1.2
	10.04 LTS lucid	Fixed 1.6.6dfsg-2ubuntu1.2
	9.10 karmic	Fixed 1.6.5dfsg-1ubuntu1.2
	8.04 LTS hardy	Fixed 1.4.6dfsg1-2ubuntu1.3
	6.06 LTS dapper	Fixed 1.3.1-3ubuntu1.4

Notes

mdeslaur

on karmic and higher, binary is in universe.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
subversion	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1071307 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1071239

References

Related Ubuntu Security Notices (USN)