VuXML ID / Description

ac256985-b6a9-11e6-a3bf-206a8a720317
subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)

The Apache Software Foundation reports:

The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers, causing the targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack."

Discovery: 2016-11-29
Entry: 2016-11-29
Affected versions: < 1.8.17; < 1.9.5
6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc
subversion -- Arbitrary code execution vulnerability

The Subversion team reports:

A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL argument.

A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server.

The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

An exploit has been tested.

Discovery: 2017-08-10
Entry: 2017-08-11
Affected versions: >= 1.9.0 and <= 1.9.6; >= 1.0.0 and <= 1.8.18