{"affected":[{"ecosystem_specific":{"binaries":[{"libsvn_auth_gnome_keyring-1-0":"1.8.10-12.1","libsvn_auth_kwallet-1-0":"1.8.10-12.1","subversion":"1.8.10-12.1","subversion-bash-completion":"1.8.10-12.1","subversion-devel":"1.8.10-12.1","subversion-perl":"1.8.10-12.1","subversion-python":"1.8.10-12.1","subversion-server":"1.8.10-12.1","subversion-tools":"1.8.10-12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"subversion","purl":"pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.10-12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"Apache Subversion was updated to fix three vulnerabilities.\n\nThe following vulnerabilities were fixed:\n\n* Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) \n* Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)\n* Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)\n","id":"SUSE-SU-2015:0776-1","modified":"2015-04-02T12:57:32Z","published":"2015-04-02T12:57:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150776-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/923793"},{"type":"REPORT","url":"https://bugzilla.suse.com/923794"},{"type":"REPORT","url":"https://bugzilla.suse.com/923795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0202"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0248"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0251"}],"related":["CVE-2015-0202","CVE-2015-0248","CVE-2015-0251"],"summary":"Security update for subversion","upstream":["CVE-2015-0202","CVE-2015-0248","CVE-2015-0251"]}