svn commit: r346799 - branches/2014Q1/security/vuxml
Baptiste Daroussin
bapt at FreeBSD.org
Sun Mar 2 20:52:05 UTC 2014
Author: bapt
Date: Sun Mar 2 20:52:04 2014
New Revision: 346799
URL: http://svnweb.freebsd.org/changeset/ports/346799
QAT: https://qat.redports.org/buildarchive/r346799/
Log:
MFH: r346229
- add entry for subversion CVE-2014-0032
Modified:
branches/2014Q1/security/vuxml/vuln.xml
Directory Properties:
branches/2014Q1/ (props changed)
Modified: branches/2014Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q1/security/vuxml/vuln.xml Sun Mar 2 20:51:02 2014 (r346798)
+++ branches/2014Q1/security/vuxml/vuln.xml Sun Mar 2 20:52:04 2014 (r346799)
@@ -51,6 +51,38 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d">
+ <topic>subversion -- mod_dav_svn vulnerability</topic>
+ <affects>
+ <package>
+ <name>subversion</name>
+ <range><ge>1.8.0</ge><lt>1.8.8</lt></range>
+ <range><ge>1.3.0</ge><lt>1.7.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Subversion Project reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/">
+ <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
+ receives an OPTIONS request against the server root and Subversion is
+ configured to handle the server root and SVNListParentPath is on.
+ This can lead to a DoS. There are no known instances of this
+ problem being exploited in the wild, but the details of how to exploit
+ it have been disclosed on the Subversion development mailing list.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>CVE-2014-0032</url>
+ <url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2014-01-10</discovery>
+ <entry>2014-02-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57">
<topic>otrs -- XSS Issue</topic>
<affects>
More information about the svn-ports-branches
mailing list