{"id":"MGASA-2014-0104","summary":"Updated subversion packages fix CVE-2014-0032","details":"Updated subversion packages fix security vulnerability:\n\nThe mod_dav_svn module in Apache Subversion before 1.8.8, when\nSVNListParentPath is enabled, allows remote attackers to cause a denial\nof service (crash) via an OPTIONS request (CVE-2014-0032).\n\nThe package has been patched to correct this issue.\n\nAdditionally, the svnserve service was using the incorrect root directory\nfor the repositories.  This has also been corrected.  The root directory is\nnow defined in the /etc/sysconfig/svnserve file.\n","modified":"2026-02-04T04:38:57.934195Z","published":"2014-02-27T21:58:42Z","related":["CVE-2014-0032"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0104.html"},{"type":"REPORT","url":"https://subversion.apache.org/security/CVE-2014-0032-advisory.txt"},{"type":"REPORT","url":"https://mail-archives.apache.org/mod_mbox/subversion-dev/201402.mbox/%3C530633AC.2050507@apache.org%3E"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12059"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12768.mga3"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.14-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0104.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}