Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

Related bugs and status

CVE-2015-3187 (Candidate) is related to these bugs:

Bug #563179: svn crashes when checking out when saving credentials in kwallet

Summary				In	Importance	Status
	563179	svn crashes when checking out when saving credentials in kwallet		subversion (Ubuntu)	Medium	Fix Released
	563179	svn crashes when checking out when saving credentials in kwallet		subversion (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://subversion.apac...
SECTRACK: 1033215
DEBIAN: DSA-3331
REDHAT: RHSA-2015:1633
SUSE: openSUSE-SU-2015:1401
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2016-03-21-4
BID: 76273
REDHAT: RHSA-2015:1742
UBUNTU: USN-2721-1
GENTOO: GLSA-201610-05