James Clawson discovered that websvn, a web viewer for Subversion
repositories, would follow symlinks in a repository when presenting a
file for download. An attacker with repository write access could
thereby access any file on disk readable by the user the webserver
runs as.
For Debian 6 Squeeze, these issues have been fixed in websvn version 2.3.3-1+deb6u1