Package: subversion
Version: 1.0.0-1
Severity: grave
Justification: remote DoS (data corruption)

A race condition was recently discovered in subversion whereby two
commits overlapping in time could interact very badly, in certain
circumstances.  You can not only lose the effect of one of the commits,
but with the BDB backend, you can possibly corrupt the whole repository
in a fairly spectacular way.  (It _does_ require commit access to a
repository.)  For details, see the upstream report at
http://subversion.tigris.org/issues/show_bug.cgi?id=2751.

This affects all releases at least as far back as 1.0.0, and will be
fixed upstream in 1.4.4.  Upstream has produced patches (including a
regression test) for all release branches.  As soon as I find the time
to build and test on sarge and etch, I intend to upload fixed packages
to sid, p-u and oldstable-p-u.
