diff options
| author | nectar <nectar@FreeBSD.org> | 2004-09-27 02:17:36 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2004-09-27 02:17:36 +0800 |
| commit | dad6845ff36d815c3cac8a784c68de35a905bdb3 (patch) | |
| tree | 904792ee3b5514a75443d6e9b35ae8edb7b4bf5e /security | |
| parent | 46ff5ea35f224e193dba317493d6d525fb85b418 (diff) | |
| download | freebsd-ports-gnome-dad6845ff36d815c3cac8a784c68de35a905bdb3.tar.gz freebsd-ports-gnome-dad6845ff36d815c3cac8a784c68de35a905bdb3.tar.zst freebsd-ports-gnome-dad6845ff36d815c3cac8a784c68de35a905bdb3.zip | |
Note subversion information disclosure vulnerability.
Submitted by: lev
Approved by: portmgr
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f4f6d0970fa7..0b2220884dc0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,42 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="184f5d0b-0fe8-11d9-8a8a-000c41e2cdad"> + <topic>subversion -- WebDAV fails to protect metadata</topic> + <affects> + <package> + <name>subversion</name> + <name>subversion-perl</name> + <name>subversion-python</name> + <range><lt>1.0.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>In some situations, subversion metadata may be unexpectedly + disclosed via WebDAV. A subversion advisory states:</p> + <blockquote cite="http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt"> + <p>mod_authz_svn, the Apache httpd module which does path-based + authorization on Subversion repositories, is not correctly + protecting all metadata on unreadable paths.</p> + <p>This security issue is not about revealing the contents + of protected files: it only reveals metadata about + protected areas such as paths and log messages. This may + or may not be important to your organization, depending + on how you're using path-based authorization, and the + sensitivity of the metadata. </p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2004-0749</cvename> + <url>http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt</url> + </references> + <dates> + <discovery>2004-09-15</discovery> + <entry>2004-09-26</entry> + </dates> + </vuln> <vuln vid="273cc1a3-0d6b-11d9-8a8a-000c41e2cdad"> <topic>lha -- numerous vulnerabilities when extracting archives</topic> <affects> |