author ohauer <ohauer@FreeBSD.org> 2013-11-26 03:52:24 +0800
committer ohauer <ohauer@FreeBSD.org> 2013-11-26 03:52:24 +0800
commit db5e0d6ce3368cdd2b435203f735f393b490ece5
tree c3d450da1d3ef54caef921a0100d0be51f14f3de /security/vuxml
parent 2848b15b5d404864f0d45f6ae15d8f303f67e09d
- security update subversion-1.8.5 / 1.7.14 [1]
- add vuxml entry
- let bindings ports load options file [2]

[1]
Version 1.8.5
(25 November 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.5

 User-visible changes:
  - Client-side bugfixes:
    * fix externals that point at redirected locations (issues #4428, #4429)
    * diff: fix assertion with move inside a copy (issue #4444)

  - Server-side bugfixes:
    * mod_dav_svn: Prevent crashes with some 3rd party modules (r1537360 et al)
    * mod_dav_svn: canonicalize paths properly (r1542071)
    * mod_authz_svn: fix crash of mod_authz_svn with invalid config (r1541432)
    * hotcopy: fix hotcopy losing revprop files in packed repos (issue #4448)

  - Other tool improvements and bugfixes:
    * mod_dontdothat: Fix the uri parser (r1542069 et al)

 Developer-visible changes:
  - General:
    * fix compilation with '--enable-optimize' with clang (r1534860)
    * fix compilation with debug build of BDB on Windows (r1501656, r1501702)
    * fix '--with-openssl' option when building on Windows (r1535139)
    * add test to fail when built against broken ZLib (r1537193 et al)

  - Bindings:
    * swig-rb: fix tests to run without installing on OS X (r1535161)
    * ctypes-python: build with compiler selected via configure (r1536537)

Version 1.7.14
(25 Nov 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.14

 User-visible changes:
  - Client- and server-side bugfixes:
    * fix assertion on urls of the form 'file://./' (r1516806)

  - Client-side bugfixes:
    * upgrade: fix an assertion when used with pre-1.3 wcs (r1530849)
    * ra_local: fix error with repository in Windows drive root (r1518184)
    * fix crash on windows when piped command is interrupted (r1522892)
    * fix externals that point at redirected locations (issues #4428, #4429)
    * diff: fix incorrect calculation of changes in some cases (issue #4283)
    * diff: fix errors with added/deleted targets (issues #4153, #4421)

  - Server-side bugfixes:
    * mod_dav_svn: Prevent crashes with some 3rd party modules (r1537360 et al)
    * fix OOM on concurrent requests at threaded server start (r1527103 et al)
    * fsfs: limit commit time of files with deep change histories (r1536790)
    * mod_dav_svn: canonicalize paths properly (r1542071)

  - Other tool improvements and bugfixes:
    * mod_dontdothat: Fix the uri parser (r1542069 et al)

 Developer-visible changes:
  - Bindings:
    * javahl: canonicalize path for streamFileContent method (r1524869)

[2]
- Set OPTIONS_NAME to let bindings ports load the new options file.
  Leave OPTIONSFILE for now to load the old file on systems where it
  hasn't been moved to the new location yet.
- Remove an old hack.

PR: ports/180612 [2]
Submitted by: Tijl Coosemans <tijl@FreeBSD.org>
Security: e3244a7b-5603-11e3-878d-20cf30e32f6d
          CVE-2013-4505
          CVE-2013-4558
Diffstat (limited to 'security/vuxml')
-rw-r--r-- security/vuxml/vuln.xml 42
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e82a13e957fc..715de46fb16a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,48 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e3244a7b-5603-11e3-878d-20cf30e32f6d">
+ <topic>subversion -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>subversion</name>
+ <range><ge>1.8.0</ge><lt>1.8.5</lt></range>
+ <range><ge>1.7.0</ge><lt>1.7.14</lt></range>
+ <range><ge>1.6.0</ge><lt>1.6.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Subversion Project reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/">
+ <p>mod_dontdothat does not restrict requests from serf based clients</p>
+ <p>mod_dontdothat allows you to block update REPORT requests against certain
+ paths in the repository. It expects the paths in the REPORT request
+ to be absolute URLs. Serf based clients send relative URLs instead
+ of absolute URLs in many cases. As a result these clients are not blocked
+ as configured by mod_dontdothat.</p>
+ <p>mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits</p>
+ <p>When SVNAutoversioning is enabled via SVNAutoversioning on
+ commits can be made by single HTTP requests such as MKCOL and
+ PUT. If Subversion is built with assertions enabled any such
+ requests that have non-canonical URLs, such as URLs with a
+ trailing /, may trigger an assert. An assert will cause the
+ Apache process to abort.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-4505</cvename>
+ <cvename>CVE-2013-4558</cvename>
+ <url>http://subversion.apache.org/security/CVE-2013-4505-advisory.txt</url>
+ <url>http://subversion.apache.org/security/CVE-2013-4558-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2013-11-15</discovery>
+ <entry>2013-11-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="742eb9e4-e3cb-4f5a-b94e-0e9a39420600">
<topic>ruby-gems -- Algorithmic Complexity Vulnerability</topic>
<affects>
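Review bot: The third range in the new entry, <ge>1.6.0</ge><lt>1.6.24</lt>, has no counterpart in the commit message, which only covers the update to 1.8.5 / 1.7.14, so nothing in this change shows where the 1.6.24 boundary comes from. Please confirm it against the two advisory URLs listed under <references> and mention it in the log. The same check should cover whether both CVEs really share all three ranges, since the entry merges a mod_dontdothat issue and a mod_dav_svn issue under one <package> block. A smaller point in the <description>: the blockquote cites the generic http://subversion.apache.org/security/ page although the text is taken from the two specific advisories. The advisory titles are also plain <p> elements that run straight into the body paragraphs, so a reader of the rendered entry cannot tell where the first issue ends and the second begins. Pointing the cite at the advisories, or splitting into one blockquote per CVE, would make that clear.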