{"id":"MGASA-2017-0273","summary":"Updated subversion packages fix security vulnerability","details":"A Subversion client sometimes connects to URLs provided by the\nrepository. A maliciously constructed svn+ssh:// URL would cause\nSubversion clients to run an arbitrary shell command. Such a URL could\nbe generated by a malicious server, by a malicious user committing to an\nhonest server (to attack another user of that server's repositories), or\nby a proxy server (CVE-2017-9800).\n","modified":"2026-02-01T08:45:26.738829Z","published":"2017-08-16T21:10:57Z","related":["CVE-2017-9800"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0273.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21495"},{"type":"REPORT","url":"https://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C2fefe468-7d41-11e7-aea1-9312c6089150%40apache.org%3E"},{"type":"REPORT","url":"http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES"},{"type":"REPORT","url":"http://mail-archives.apache.org/mod_mbox/subversion-announce/201708.mbox/%3C8760dvl2j6.fsf%40codematters.co.uk%3E"},{"type":"REPORT","url":"http://svn.apache.org/repos/asf/subversion/tags/1.8.19/CHANGES"},{"type":"REPORT","url":"http://subversion.apache.org/security/CVE-2017-9800-advisory.txt"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.19-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0273.json"}},{"package":{"name":"subversion","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.7-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0273.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}