CVE-2013-1884 did not impact versions of Subversion before 1.7.0. 1.7.0 added the code to handle detecting wrapping of the limit and that error handling code has the vulnerability. Prior to 1.7.0 the limit would wrap and we might not properly limit the log limits as the user expected, but that behavior while a bug doesn't constitute a security issue.
Unless Debian shipped 1.7.x or applied a patch to 1.6.x (which I'm not seeing that you did), there's nothing for you to do about CVE-2013-1884. http://subversion.apache.org/security/CVE-2013-1884-advisory.txt (Please CC me directly since I'm not subscribed to your lists if you want to ask me further questions). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
