CVE-2017-9800 · cross-distro fix matrix

CVE-2017-9800: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another u

Affects 8 Linux releases across 8 (distro × package) combinations.

Elevated exploitation risk

FIRST EPSS puts CVE-2017-9800's probability of exploitation in the next 30 days at 19% (97th percentile of all CVEs)— well above the noise floor. Prioritize it.

EPSS:19% · 30-day exploit probability97th percentile

Fix per ecosystem

Each block below is a distro release where CVE-2017-9800 has a known fix. Run the listed command on that distro to remediate.

Debian bullseye

Source: Debian Security Tracker

subversion→ fixed in1.9.7-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y subversion
```

Debian bookworm

Source: Debian Security Tracker

subversion→ fixed in1.9.7-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y subversion
```

Debian trixie

Source: Debian Security Tracker

subversion→ fixed in1.9.7-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y subversion
```