An unintended file contents disclosure flaw was found in the way mod_dav_svn module of the subversion concurrent version control system processed certain URLs, when path-access control for files and directories was enabled. A remote attacker could use this flaw to obtain information, which should be otherwise prohibited by the authorization subsystem. Acknowledgements: Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Kamesh Jayachandran of CollabNet, Inc. as the original reporter.
This issue did NOT affect the version of the subversion package, as shipped with Red Hat Enterprise Linux 4. -- This issue affects the versions of the subversion package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the subversion package, as shipped with Fedora release of 13, 14, and 15.
Public via: http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
Created subversion tracking bugs for this issue Affects: fedora-all [bug 709952]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:0862 https://rhn.redhat.com/errata/RHSA-2011-0862.html