The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
https://support.apple.com/HT204427
http://www.ubuntu.com/usn/USN-2316-1
http://www.securityfocus.com/bid/69237
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
https://security.gentoo.org/glsa/201610-05
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://secunia.com/advisories/60722
http://secunia.com/advisories/60100