FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
c8174b63-0d3a-11e6-b06e-d43d7eed0ce2 | subversion -- multiple vulnerabilities

Subversion project reports:

svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string.

Subversion's httpd servers are vulnerable to a remotely triggerable crash in the mod_authz_svn module. The crash can occur during an authorization check for a COPY or MOVE request with a specially crafted header value.

This allows remote attackers to cause a denial of service.


Discovery 2016-04-21
Entry 2016-04-28
subversion
>= 1.9.0, < 1.9.4
>= 1.0.0, < 1.8.15

subversion18
>= 1.0.0, < 1.8.15

CVE-2016-2167
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2168
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt

ac256985-b6a9-11e6-a3bf-206a8a720317 | subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)

The Apache Software Foundation reports:

The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers, causing the targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack."


Discovery 2016-11-29
Entry 2016-11-29
subversion18
< 1.8.17

subversion
< 1.9.5

http://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8734