svn commit: r346229 - head/security/vuxml
Olli Hauer
ohauer at FreeBSD.org
Wed Feb 26 21:27:48 UTC 2014
Author: ohauer
Date: Wed Feb 26 21:27:47 2014
New Revision: 346229
URL: http://svnweb.freebsd.org/changeset/ports/346229
QAT: https://qat.redports.org/buildarchive/r346229/
Log:
- add entry for subversion CVE-2014-0032
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Feb 26 21:19:55 2014 (r346228)
+++ head/security/vuxml/vuln.xml Wed Feb 26 21:27:47 2014 (r346229)
@@ -51,6 +51,38 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d">
+ <topic>subversion -- mod_dav_svn vulnerability</topic>
+ <affects>
+ <package>
+ <name>subversion</name>
+ <range><ge>1.8.0</ge><lt>1.8.8</lt></range>
+ <range><ge>1.3.0</ge><lt>1.7.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Subversion Project reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/">
+ <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
+ receives an OPTIONS request against the server root and Subversion is
+ configured to handle the server root and SVNListParentPath is on.
+ This can lead to a DoS. There are no known instances of this
+ problem being exploited in the wild, but the details of how to exploit
+ it have been disclosed on the Subversion development mailing list.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>CVE-2014-0032</url>
+ <url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2014-01-10</discovery>
+ <entry>2014-02-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57">
<topic>otrs -- XSS Issue</topic>
<affects>
More information about the svn-ports-head
mailing list