FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c8174b63-0d3a-11e6-b06e-d43d7eed0ce2subversion -- multiple vulnerabilities

Subversion project reports:

svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string.

Subversion's httpd servers are vulnerable to a remotely triggerable crash in the mod_authz_svn module. The crash can occur during an authorization check for a COPY or MOVE request with a specially crafted header value.

This allows remote attackers to cause a denial of service.


Discovery 2016-04-21
Entry 2016-04-28
subversion
ge 1.9.0 lt 1.9.4

ge 1.0.0 lt 1.8.15

subversion18
ge 1.0.0 lt 1.8.15

CVE-2016-2167
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2168
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt