/ 
Alien-SVN-v1.8.11.0
River stage one • 3 direct dependents • 3 total dependents
⭐ Starred 15 GitHub stars
/ Alien::SVN
Security Advisories (6)
CVE-2015-0248 (2015-04-08)

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

CVE-2015-0251 (2015-04-08)

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

CVE-2017-9800 (2017-08-11)

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

CVE-2018-11782 (2019-09-26)

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

CVE-2019-0203 (2019-09-26)

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

CVE-2015-3187 (2015-08-12)

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

NAME

Alien::SVN - A wrapper for installing the SVN Perl bindings

DESCRIPTION

Alien::SVN is a wrapper to install the Perl bindings for subversion, also known as SVN::Core. If your module needs SVN::Core it can depend on SVN::Core normally, then CPAN clients can resolve the dependency normally via Alien::SVN. This is particularly useful for programs like SVK.

It comes with a copy of Subversion 1.8.11 which it will compile but only installs the Perl and Subversion libraries. They will be installed to your Perl library, not your system library. The subversion binaries will not be installed.

BUGS and FEEDBACK

Alien::SVN only wraps SVN::Core. We don't work on it.

Bug reports, problems and feedback about the Alien::SVN distribution and building SVN::Core should come to us at https://github.com/evalEmpire/Alien-SVN/issues.

Issues and improvements to SVN::Core should go to the Apache Subversion project directly. https://subversion.apache.org/reporting-issues.html

If you're not sure who to report to, you can always report to us and we'll point you in the right direction.

Report early, report often.

The repository can be found at https://github.com/evalEmpire/Alien-SVN.

LICENSE

Alien::SVN is copyright 2007-2015 Michael G Schwern <schwern@pobox.com> It is licensed under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html for licensing.

This product includes Apache Subversion licensed under the Apache License 2.0 or similar terms. See src/subversion/LICENSE for full licensing information.