ALT-PU-2024-17035-3

Обновление пакета subversion в ветке c10f2

Версия1.14.5-alt1

Задание#364900

Опубликовано2026-02-04

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (3)

MEDIUM4.6

Уязвимость функции mod_dav_svn программного обеспечения Apache Subversion, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2025-03-27Изменено: 2026-05-06

CVSS 3.xСРЕДНЯЯ 4.6

CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVSS 2.0СРЕДНЯЯ 4.1

CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:P/A:P

Ссылки

CVE-2024-46901

HIGH7.8

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.

Опубликовано: 2024-10-09Изменено: 2025-02-11

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

MEDIUM4.3

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

Опубликовано: 2024-12-09Изменено: 2025-07-15

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Ссылки

Закрытые ошибки (1)

Ошибка #48441

rebuild with swig-4.1.1 produces undefined symbol: SWIG_InstallConstants