/ 
Alien-SVN-v1.8.11.0
⭐ Starred 15 / Alien::SVN
Security Advisories (3)
CVE-2016-2167 (2016-05-05)

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

CVE-2016-2168 (2016-05-05)

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

CVE-2017-9800 (2017-08-11)

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

NAME

Alien::SVN - A wrapper for installing the SVN Perl bindings

DESCRIPTION

Alien::SVN is a wrapper to install the Perl bindings for subversion, also known as SVN::Core. If your module needs SVN::Core it can depend on SVN::Core normally, then CPAN clients can resolve the dependency normally via Alien::SVN. This is particularly useful for programs like SVK.

It comes with a copy of Subversion 1.8.11 which it will compile but only installs the Perl and Subversion libraries. They will be installed to your Perl library, not your system library. The subversion binaries will not be installed.

BUGS and FEEDBACK

Alien::SVN only wraps SVN::Core. We don't work on it.

Bug reports, problems and feedback about the Alien::SVN distribution and building SVN::Core should come to us at https://github.com/evalEmpire/Alien-SVN/issues.

Issues and improvements to SVN::Core should go to the Apache Subversion project directly. https://subversion.apache.org/reporting-issues.html

If you're not sure who to report to, you can always report to us and we'll point you in the right direction.

Report early, report often.

The repository can be found at https://github.com/evalEmpire/Alien-SVN.

LICENSE

Alien::SVN is copyright 2007-2015 Michael G Schwern <schwern@pobox.com> It is licensed under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html for licensing.

This product includes Apache Subversion licensed under the Apache License 2.0 or similar terms. See src/subversion/LICENSE for full licensing information.