Matt Lewis discovered an integer overflow flaw in the subversion server. A user with commit access to a repository could send a specially crafted commit that could cause the subversion server to crash or possibly execute arbitrary code with the permissions of the server.
The advisory indicates these are heap overflow issues, not an integer overflow issue (just to clarify).
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Via RHSA-2009:1203 https://rhn.redhat.com/errata/RHSA-2009-1203.html
subversion-1.6.4-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
subversion-1.6.4-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
> subversion-1.6.4-2.fc10 has been pushed ...
Despite comment #6 and the FEDORA-2009-8432 announcement, so far this update has not shown up in the Fedora 10 repositories. Other F10 packages announced at the same time and later, and also subversion-1.6.4-2.fc11 for F11, already did.
It appears that "Priority: major" of this ticket is not so major after all. It does not seem to have any repository effects after a week.
subversion-1.6.4-2.fc10 at last showed up on repos. The catch is that this took over two weeks for a security update. Smells like a problem to me although I do not know where.