FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc	subversion -- Arbitrary code execution vulnerability subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL argument. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. An exploit has been tested. Discovery 2017-08-10 Entry 2017-08-11 subversion ge 1.9.0 le 1.9.6 subversion18 ge 1.0.0 le 1.8.18 subversion-static ge 1.0.0 le 1.8.18 ge 1.9.0 le 1.9.6 http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
ac256985-b6a9-11e6-a3bf-206a8a720317	subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s) The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack." Discovery 2016-11-29 Entry 2016-11-29 subversion18 < 1.8.17 subversion < 1.9.5 http://subversion.apache.org/security/CVE-2016-8734-advisory.txt CVE-2016-8734

VuXML ID

Description

6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc

subversion -- Arbitrary code execution vulnerability

subversion team reports:

A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL argument.

A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server.

The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

An exploit has been tested.

Discovery 2017-08-10
Entry 2017-08-11
subversion

ge 1.9.0 le 1.9.6

subversion18

ge 1.0.0 le 1.8.18

subversion-static

ge 1.0.0 le 1.8.18

ge 1.9.0 le 1.9.6

http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

ac256985-b6a9-11e6-a3bf-206a8a720317

subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)

The Apache Software Foundation reports:

The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack."

Discovery 2016-11-29
Entry 2016-11-29
subversion18

< 1.8.17

subversion

< 1.9.5

http://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8734