CVE-2009-2411

Publication date 7 August 2009

Last updated 24 July 2024

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
subversion	9.04 jaunty	Fixed 1.5.4dfsg1-1ubuntu2.1
	8.10 intrepid	Fixed 1.5.1dfsg1-1ubuntu2.1
	8.04 LTS hardy	Fixed 1.4.6dfsg1-2ubuntu1.1
	6.06 LTS dapper	Fixed 1.3.1-3ubuntu1.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-812-1
Subversion vulnerability
8 August 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2411