Launchpad.net

CVE 2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Related bugs and status

CVE-2014-3528 (Candidate) is related to these bugs:

Bug #1353142: subversion tests fail on ppc64el when built with -O3

		In	Importance	Status
1353142	subversion tests fail on ppc64el when built with -O3	gcc-4.9 (Ubuntu)	Undecided	Invalid
1353142	subversion tests fail on ppc64el when built with -O3	subversion (Ubuntu)	Undecided	Fix Released
1353142	subversion tests fail on ppc64el when built with -O3	subversion (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://subversion.apac...
UBUNTU: USN-2316-1
SECUNIA: 60722
SUSE: openSUSE-SU-2014:1059
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-03-09-4
REDHAT: RHSA-2015:0165
REDHAT: RHSA-2015:0166
CONFIRM: http://www.oracle.com/...
BID: 68995
SECUNIA: 59432
SECUNIA: 59584
GENTOO: GLSA-201610-05