{"id":"MGASA-2017-0009","summary":"Updated subversion packages fix security vulnerability","details":"Subversion's mod_dontdothat module and clients using http(s):// are\nvulnerable to a denial-of-service attack caused by exponential XML\nentity expansion. The attack, otherwise known as the \"billion laughs\nattack\", targets XML parsers and can cause the targeted process to\nconsume an excessive amount of CPU resources or memory (CVE-2016-8734).\n","modified":"2026-02-01T14:10:40.072130Z","published":"2017-01-07T21:39:59Z","related":["CVE-2016-8734"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0009.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19877"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/ecf3400585d1fd2ffc754bc348a4f7d9a4863573e11d551b3b287640@%3Cannounce.subversion.apache.org%3E"},{"type":"REPORT","url":"http://svn.apache.org/repos/asf/subversion/tags/1.8.17/CHANGES"},{"type":"REPORT","url":"http://subversion.apache.org/security/CVE-2016-8734-advisory.txt"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.17-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0009.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}