A flaw was reported in how the Subversion FSFS repository handled the packing of revision properties. When one or more revision properties of a packed revision are set to new, larger values, a "pack file" in the repository might get split. While this is happening, it is possible that the wrong pack file gets deleted, which can lead to data loss of revision property data. This issue only affects FSFS repositories in Subversion 1.8.0 and 1.8.1. It does not affect BDB repositories or earlier versions of Subversion. Acknowledgements: Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov from VisualSVN as the original issue reporter. Statement: Not vulnerable. This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5 or 6, as they did not ship the vulnerable versions of subversion.
This issue is embargoed until 29 August 2013 17:00 UTC.
Created attachment 789383 [details] upstream patch to fix CVE-2013-4246
External References: http://subversion.apache.org/security/CVE-2013-4246-advisory.txt