Diffstat (limited to 'patches/source/subversion/subversion.CVE-2016-2167.diff')
-rw-r--r--patches/source/subversion/subversion.CVE-2016-2167.diff11
1 files changed, 11 insertions, 0 deletions
diff --git a/patches/source/subversion/subversion.CVE-2016-2167.diff b/patches/source/subversion/subversion.CVE-2016-2167.diff
new file mode 100644
index 000000000..891cc59aa
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2016-2167.diff
@@ -0,0 +1,11 @@
+--- ./subversion/svnserve/cyrus_auth.c.orig 2014-01-26 22:04:31.000000000 -0600
++++ ./subversion/svnserve/cyrus_auth.c 2016-04-30 15:00:31.936038054 -0500
+@@ -73,6 +73,8 @@
+ {
+ /* The only valid realm is user_realm (i.e. the repository's realm).
+ If the user gave us another realm, complain. */
++ if (realm_len != inlen-(pos-in+1))
++ return SASL_BADPROT;
+ if (strncmp(pos+1, user_realm, inlen-(pos-in+1)) != 0)
+ return SASL_BADPROT;
+ }
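Review bot: The comment above the new `if (realm_len != inlen-(pos-in+1))` check still only says that the realm must be user_realm, and never explains why the `strncmp` below it is not sufficient on its own. Because `strncmp` is bounded by the length the client supplied, a realm that is a proper prefix of `user_realm` (or empty) would still compare equal, so a comment such as `/* strncmp alone accepts any prefix of user_realm; require equal lengths first. */` would keep a later cleanup from dropping the guard. The expression `inlen-(pos-in+1)` now appears twice and would read better computed once into a local that both tests use. `realm_len` is declared outside the hunk, presumably as the length of `user_realm`, and the rest of the function is not visible here. The patch file also carries no header naming the upstream advisory or revision it was taken from, which would help anyone auditing this backport later.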