1
PublicDateAtUSN: 2011-01-07
2
Candidate: CVE-2010-4644
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4644
6
http://www.openwall.com/lists/oss-security/2011/01/04/8
7
http://svn.haxx.se/dev/archive-2010-11/0102.shtml
8
https://usn.ubuntu.com/usn/usn-1053-1
10
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
11
allow remote authenticated users to cause a denial of service (memory
12
consumption and daemon crash) via the -g option to the blame command.
15
mdeslaur> PoC: http://svn.haxx.se/dev/archive-2010-11/0163.shtml
16
mdeslaur> hardy and older don't support -g, 1.5.x and higher only
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989
24
upstream: http://svn.apache.org/viewvc?view=revision&revision=1032808 (trunk)
25
upstream: http://svn.apache.org/viewvc?view=revision&revision=1041438 (trunk)
26
upstream: http://svn.apache.org/viewvc?view=revision&revision=1033227 (1.6.x)
27
upstream: http://svn.apache.org/viewvc?view=revision&revision=1041504 (1.6.x)
28
upstream_subversion: released (1.6.15)
29
dapper_subversion: not-affected (1.3.1-3ubuntu1.2)
30
hardy_subversion: not-affected (1.4.6dfsg1-2ubuntu1.1)
31
karmic_subversion: released (1.6.5dfsg-1ubuntu1.1)
32
lucid_subversion: released (1.6.6dfsg-2ubuntu1.1)
33
maverick_subversion: released (1.6.12dfsg-1ubuntu1.1)
34
devel_subversion: not-affected (1.6.12dfsg-4ubuntu1)