A flaw was found in the way mod_dav_svn handled certain requests when SVNAutoversioning (in "/etc/httpd/conf.d/subversion.conf", for example) was enabled. If an attacker with commit access to a repository sent a request containing a crafted URL, it would cause the httpd process serving the request to crash. This issue affected Subversion versions 1.7.11 to 1.7.13, and 1.8.1 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5. This issue does not affect the versions of Subversion in Red Hat Enterprise Linux 5 and 6. Acknowledgements: Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin as the original reporter.
External References: http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
Created subversion tracking bugs for this issue: Affects: fedora-all [bug 1034377]
Statement: Not vulnerable. This issue did not affect the versions of Subversion in Red Hat Enterprise Linux 5 and 6.
subversion-1.7.14-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
subversion-1.7.14-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
subversion-1.8.5-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.