{"id":"MGASA-2013-0275","summary":"Updated subversion package fixes security vulnerability.","details":"svnserve takes a --pid-file option which creates a file containing the\nprocess id it is running as. It does not take steps to ensure that the\nfile it has been directed at is not a symlink. If the pid file is in a\ndirectory writeable by unprivileged users, the destination could be\nreplaced by a symlink allowing for   privilege escalation. svnserve\ndoes not create a pid file by default (CVE-2013-4277).\n","modified":"2026-02-04T02:38:17.109539Z","published":"2013-09-13T20:14:09Z","related":["CVE-2013-4277"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0275.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11207"},{"type":"REPORT","url":"http://subversion.apache.org/security/CVE-2013-4277-advisory.txt"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115318.html"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.13-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0275.json"}},{"package":{"name":"subversion","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.13-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0275.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}