Package        : subversion
Version        : 1.6.17dfsg-4+deb7u11
CVE ID         : CVE-2016-2167 CVE-2016-2168

CVE-2016-2167

    svnserve, the svn:// protocol server, can optionally use the Cyrus
    SASL library for authentication, integrity protection, and encryption.
    Due to a programming oversight, authentication against Cyrus SASL
    would permit the remote user to specify a realm string which is a
    prefix of the expected realm string.

CVE-2016-2168

    Subversion's httpd servers are vulnerable to a remotely triggerable
    crash in the mod_authz_svn module. The crash can occur during an
    authorization check for a COPY or MOVE request with a specially
    crafted header value. This allows remote attackers to cause a denial
    of service.

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan@debian.org>
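
The realm check described under CVE-2016-2167, as an added illustration that is not part of the advisory and is not Subversion's code: it assumes the flaw class is a comparison bounded by the length of the client-supplied string, and sets it beside a full-string check. The function names and the realm value are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed check (illustrative assumption): the comparison length is taken
 * from the client-supplied realm, so any prefix of the expected realm,
 * including the empty string, compares equal. */
static bool realm_matches_flawed(const char *expected, const char *supplied)
{
    return strncmp(expected, supplied, strlen(supplied)) == 0;
}

/* Hardened check: reject missing input and require the supplied realm to
 * equal the expected realm over its whole length. */
static bool realm_matches_exact(const char *expected, const char *supplied)
{
    if (expected == NULL || supplied == NULL)
        return false;
    return strcmp(expected, supplied) == 0;
}

int main(void)
{
    const char *expected = "example-repo-realm";  /* constructed value */
    const char *samples[] = { "example-repo-realm", "example", "", "other" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("supplied=\"%s\" flawed=%d exact=%d\n", samples[i],
               realm_matches_flawed(expected, samples[i]),
               realm_matches_exact(expected, samples[i]));
    return 0;
}
```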