PublicDateAtUSN: 2014-08-12
Candidate: CVE-2014-3522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
https://usn.ubuntu.com/usn/usn-2316-1
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted certificate.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3522
Discovered-by: Ben Reser
upstream: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
upstream: http://svn.apache.org/viewvc?view=revision&revision=1615214 (1.7.x)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1615215 (1.7.x)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1615204 (1.8.x)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1615212 (1.8.x)
upstream_subversion: released (1.7.10,1.8.10)
lucid_subversion: ignored (reached end-of-life)
precise_subversion: released (1.6.17dfsg-3ubuntu3.4)
trusty_subversion: released (1.8.8-1ubuntu3.1)
devel_subversion: released (1.8.10-1ubuntu1)