Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
subversion to version 1.8.10-6 or higher.