{"id":"MGASA-2014-0339","summary":"Updated subversion packages fix security vulnerabilities","details":"Updated subversion packages fix security vulnerabilities:\n\nBen Reser discovered that Subversion did not correctly validate SSL\ncertificates containing wildcards. A remote attacker could exploit this to\nperform a man in the middle attack to view sensitive information or alter\nencrypted communications (CVE-2014-3522).\n\nBert Huijben discovered that Subversion did not properly handle cached\ncredentials. A malicious server could possibly use this issue to obtain\ncredentials cached for a different server (CVE-2014-3528).\n\nThe subversion package has been updated to 1.8.10 to fix these issues and\nother bugs.\n","modified":"2026-04-16T01:46:34.274622463Z","published":"2014-08-21T09:36:13Z","upstream":["CVE-2014-3522","CVE-2014-3528"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0339.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13838"},{"type":"ADVISORY","url":"http://subversion.apache.org/security/CVE-2014-3522-advisory.txt"},{"type":"ADVISORY","url":"http://subversion.apache.org/security/CVE-2014-3528-advisory.txt"},{"type":"WEB","url":"https://mail-archives.apache.org/mod_mbox/subversion-dev/201408.mbox/%3C53E8E6BA.5030100@apache.org%3E"},{"type":"WEB","url":"http://svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2316-1/"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.10-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0339.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}