Created attachment 167760 [details] Proposed patch The attached patches fix two CVEs with code obtained from Debian: CVE-2013-6892 and CVE-2016-2511. The respective vuln.xml entries have already been added.
I approve on behalf of ports-secteam for you to commit this update without waiting for maintainer feedback. Please include MFH: 2016Q1 in the commit message and we will approve the MFH as well. If you need assistance with the merge let me know. Thanks!
A commit references this bug: Author: rakuco Date: Sun Mar 6 18:26:39 UTC 2016 New revision: 410474 URL: https://svnweb.freebsd.org/changeset/ports/410474 Log: Add patches to fix CVE-2013-6892 and CVE-2016-2511. PR: 207740 Approved by: ports-secteam (feld) MFH: 2016Q1 Changes: head/devel/websvn/Makefile head/devel/websvn/files/patch-CVE-2013-6892 head/devel/websvn/files/patch-CVE-2016-2511
A commit references this bug: Author: rakuco Date: Sun Mar 6 18:30:23 UTC 2016 New revision: 410475 URL: https://svnweb.freebsd.org/changeset/ports/410475 Log: MFH: r410474 Add patches to fix CVE-2013-6892 and CVE-2016-2511. PR: 207740 Approved by: ports-secteam (feld) Changes: _U branches/2016Q1/ branches/2016Q1/devel/websvn/Makefile branches/2016Q1/devel/websvn/files/patch-CVE-2013-6892 branches/2016Q1/devel/websvn/files/patch-CVE-2016-2511