The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libapache2-mod-svn" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libapache2-svn" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn-dev" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn-doc" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn-java" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn-perl" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn-ruby1.8" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "libsvn1" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "python-subversion" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "python-subversion-dbg" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "ruby-svn" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "subversion" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "subversion-dbg" }, { "binary_version": "1.8.8-1ubuntu3", "binary_name": "subversion-tools" } ] }