svn commit: r491034 - head/security/vuxml
Lev A. Serebryakov
lev at FreeBSD.org
Wed Jan 23 12:48:46 UTC 2019
Author: lev
Date: Wed Jan 23 12:48:45 2019
New Revision: 491034
URL: https://svnweb.freebsd.org/changeset/ports/491034
Log:
Add CVE-2018-11803 for www/mod_dav_svn.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 23 11:23:33 2019 (r491033)
+++ head/security/vuxml/vuln.xml Wed Jan 23 12:48:45 2019 (r491034)
@@ -58,6 +58,33 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2">
+ <topic>www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.</topic>
+ <affects>
+ <package>
+ <name>www/mod_dav_svn</name>
+ <range><ge>1.10.0</ge><lt>1.10.3</lt></range>
+ <range><eq>1.11.0</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Subversion project reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/CVE-2018-11803-advisory.txt">
+ <p>Malicious SVN clients can trigger a crash in mod_dav_svn by omitting
+ the root path from a recursive directory listing request.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://subversion.apache.org/security/CVE-2018-11803-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2019-01-23</discovery>
+ <entry>2019-01-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="50ad9a9a-1e28-11e9-98d7-0050562a4d7b">
<topic>www/py-requests -- Information disclosure vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list