Description
A server-side memory leak was found in the Subversion server. If a
malicious, remote user performed "svn blame" or "svn log" operations on
certain repository files, it could cause the Subversion server to consume
a large amount of system memory. (CVE-2010-4644)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module
(for use with the Apache HTTP Server) processed certain requests. If a
malicious, remote user issued a certain type of request to display a
collection of Subversion repositories on a host that has the
SVNListParentPath directive enabled, it could cause the httpd process
serving the request to crash. Note that SVNListParentPath is not enabled by
default. (CVE-2010-4539)