From owner-svn-ports-all@FreeBSD.ORG Mon Aug 11 18:42:38 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D1BF09B9 for ; Mon, 11 Aug 2014 18:42:38 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A183E2229 for ; Mon, 11 Aug 2014 18:42:38 +0000 (UTC) Received: from ohauer (uid 1234) (envelope-from ohauer@FreeBSD.org) id 2890 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Mon, 11 Aug 2014 18:42:38 +0000 From: Olli Hauer Date: Mon, 11 Aug 2014 18:42:38 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r364637 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e90e9e.2890.53343e86@svn.freebsd.org> X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2014 18:42:38 -0000 Author: ohauer Date: Mon Aug 11 18:42:37 2014 New Revision: 364637 URL: http://svnweb.freebsd.org/changeset/ports/364637 QAT: https://qat.redports.org/buildarchive/r364637/ Log: - document subversion CVE-2014-3522, CVE-2014-3528 MFH: 2014Q3 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Aug 11 18:41:31 2014 (r364636) +++ head/security/vuxml/vuln.xml Mon Aug 11 18:42:37 2014 (r364637) @@ -57,6 +57,50 @@ Notes: --> + + subversion -- several vulnerabilities + + + subversion17 + 1.7.01.7.18 + + + subversion18 + 1.8.01.8.10 + + + + +

Subversion Project reports:

+
Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API + to handle matching wildcards in certificate Common Names and Subject + Alternate Names. However, apr_fnmatch is not designed for this purpose. + Instead it is designed to behave like common shell globbing. In particular + this means that '*' is not limited to a single label within a hostname + (i.e. it will match '.'). But even further apr_fnmatch supports '?' and + character classes (neither of which are part of the RFCs defining how + certificate validation works).
+
Subversion stores cached credentials by an MD5 hash based on the URL and + the authentication realm of the server the credentials are cached for. + MD5 has been shown to be subject to chosen plaintext hash collisions. + This means it may be possible to generate an authentication realm which + results in the same MD5 hash for a different URL.
+

+ + + + CVE-2014-3522 + CVE-2014-3528 + http://subversion.apache.org/security/CVE-2014-3522-advisory.txt + http://subversion.apache.org/security/CVE-2014-3528-advisory.txt + + + 2014-08-06 + 2014-08-11 + + + nginx -- inject commands into SSL session vulnerability