[Florian Weimer]
> Subversion 1.4.4 has been released, containing some security fixes:
> 
>     * fixed: security flaw in 'svn prop*' commands [CVE-2007-2448] 
>           (r25095, -099, -104, -105, -10)
> 
> I haven't yet figured out what the exact problem is, and
> subversion.tigris.org appears to be down.  Sorry.

I'm pretty sure this is Debian bug #419348.  The security implication
is that a user who has SVN repository access but not shell access can
screw up a repository beyond what is usually possible, making a big
mess for someone to clean up, especially if you are using the old 'bdb'
backend.  I am not sure whether that counts as a security issue that
should be fixed in sarge and etch.  (After all, the user _is_ already
trusted to commit to the repository.)  But if so, we have patches for
both.
