FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517534
Date:      2019-11-13
Time:      23:45:36Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8e887b71-d769-11e4-b1c2-20cf30e32f6dsubversion -- DoS vulnerabilities

Subversion Project reports:

Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests.

Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers.

Subversion HTTP servers allow spoofing svn:author property values for new revisions.


Discovery 2015-03-31
Entry 2015-03-31
mod_dav_svn
ge 1.5.0 lt 1.7.20

ge 1.8.0 lt 1.8.13

subversion16
ge 1.0.0 lt 1.7.20

subversion17
ge 1.0.0 lt 1.7.20

subversion
ge 1.0.0 lt 1.7.20

ge 1.8.0 lt 1.8.13

http://subversion.apache.org/security/
CVE-2015-0202
CVE-2015-0248
CVE-2015-0251
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
f5561ade-846c-11e4-b7a7-20cf30e32f6dsubversion -- DoS vulnerabilities

Subversion Project reports:

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs.

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs.

We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.


Discovery 2014-12-13
Entry 2014-12-15
mod_dav_svn
ge 1.8.0 lt 1.8.11

subversion16
ge 1.0.0 lt 1.7.19

subversion17
ge 1.0.0 lt 1.7.19

subversion
ge 1.0.0 lt 1.7.19

ge 1.8.0 lt 1.8.11

CVE-2014-3580
CVE-2014-8108
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
daadef86-a366-11e5-8b40-20cf30e32f6dsubversion -- multiple vulnerabilities

Subversion Project reports:

Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser.

Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies.


Discovery 2015-11-14
Entry 2015-12-15
subversion17
ge 1.7.0 lt 1.7.22_1

subversion18
ge 1.8.0 lt 1.8.15

subversion
ge 1.9.0 lt 1.9.3

mod_dav_svn
ge 1.7.0 lt 1.7.22_1

ge 1.8.0 lt 1.8.15

ge 1.9.0 lt 1.9.3

CVE-2015-5343
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
CVE-2015-5259
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt