FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  360546
Date:      2014-07-04
Time:      06:38:23Z
Committer: swills

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

e27a1af3-8d21-11e0-a45d-001e8c75030d    Subversion -- multiple vulnerabilities

Subversion team reports:

Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources.

This can lead to a DoS. An exploit has been tested, and tools or users have been observed triggering this problem in the wild.

Subversion's mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server.

This can lead to a DoS. There are no known instances of this problem being observed in the wild, but an exploit has been tested.

Subversion's mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

There are no known instances of this problem being observed in the wild, but an exploit has been tested.


Discovery 2011-05-28
Entry 2011-06-02
subversion
lt 1.6.17

subversion-freebsd
lt 1.6.17

CVE-2011-1752
CVE-2011-1783
CVE-2011-1921

787d21b9-ca38-11e2-9673-001e8c75030d    devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames

Subversion team reports:

If a filename which contains a newline character (ASCII 0x0a) is committed to a repository using the FSFS format, the resulting revision is corrupt.


Discovery 2013-05-31
Entry 2013-05-31
subversion
ge 1.7.0 lt 1.7.10

ge 1.1.0 lt 1.6.23

CVE-2013-1968

ce502902-ca39-11e2-9673-001e8c75030d    devel/subversion -- svnserve remotely triggerable DoS

Subversion team reports:

Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process.


Discovery 2013-05-31
Entry 2013-05-31
subversion
ge 1.7.0 lt 1.7.10

ge 1.0.0 lt 1.6.23

CVE-2013-2112

6d0bf320-ca39-11e2-9673-001e8c75030d    devel/subversion -- contrib hook-scripts can allow arbitrary code execution

Subversion team reports:

The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out.

The script contrib/hook-scripts/svn-keyword-check.pl parses filenames from the output of 'svnlook changed' and passes them to a further shell command (equivalent to the 'system()' call of the C standard library) without escaping them. This could be used to run arbitrary shell commands in the context of the user whom the pre-commit script runs as (the user who owns the repository).


Discovery 2013-05-31
Entry 2013-05-31
subversion
ge 1.7.0 lt 1.7.10

ge 1.2.0 lt 1.6.23

CVE-2013-2088

b6beb137-9dc0-11e2-882f-20cf30e32f6d    Subversion -- multiple vulnerabilities

Subversion team reports:

Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs.

Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs.

Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range.


Discovery 2013-04-05
Entry 2013-04-05
subversion
ge 1.7.0 lt 1.7.9

ge 1.6.0 lt 1.6.21

CVE-2013-1845
CVE-2013-1846
CVE-2013-1847
CVE-2013-1849
CVE-2013-1884