Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Related bugs and status

CVE-2014-3522 (Candidate) is related to these bugs:

Bug #1353142: subversion tests fail on ppc64el when built with -O3

		In	Importance	Status
1353142	subversion tests fail on ppc64el when built with -O3	gcc-4.9 (Ubuntu)	Undecided	Invalid
1353142	subversion tests fail on ppc64el when built with -O3	subversion (Ubuntu)	Undecided	Fix Released
1353142	subversion tests fail on ppc64el when built with -O3	subversion (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://subversion.apa...
UBUNTU: USN-2316-1
BID: 69237
SECUNIA: 60100
SECUNIA: 60722
SUSE: openSUSE-SU-2014:1059
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-03-09-4
CONFIRM: http://www.oracle.com/...
OSVDB: 109996
SECUNIA: 59432
SECUNIA: 59584
GENTOO: GLSA-201610-05
XF: apache-subversion-cve2...
XF: apache-subversion-cve2...