Errata overview
Errata ID 402
Date 2018-05-08
Source package subversion
Fixed in version 1.8.10-6+deb8u5
This update addresses the following issues:
* A maliciously constructed svn+ssh:// URL would cause Subversion to run an
  arbitrary shell command. Such a URL could be generated by a malicious
  server, by a malicious user committing to a honest server (to attack
  another user of that server's repositories), or by a proxy server. The
  vulnerability affects all clients, including those that use file://,
  http://, and plain (untunneled) svn://. (CVE-2017-9800)
* Subversion's mod_dontdothat module and HTTP clients are vulnerable to a
  denial-of-service attack caused by exponential XML entity expansion. The
  attack can cause the targeted process to consume an excessive amount of CPU
  resources or memory. (CVE-2016-8734)
Additional notes
CVE ID CVE-2017-9800
UCS Bug number #44776