Release Notes: Versions up to and including 1.0.4 have a potential denial of service and heap overflow issue related to the parsing of strings in the 'svn://' family of access protocols. This affects only sites running svnserve. It does not affect 'http://' access; repositories served only by Apache/mod_dav_svn do not have this vulnerability. This release fixes this issue.
Release Notes: Subversion versions up to and including 1.0.2 have a buffer overflow in the date parsing code. Both client and server are vulnerable. The server is vulnerable over both httpd/DAV and svnserve (that is, over http://, https://, svn://, svn+ssh:// and other tunneled svn+*:// methods). Additionally, clients with shared working copies or permissions that allow files in the administrative area of the working copy to be written by other users are potentially exploitable. This version fixes this.