CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption.Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string. Fixed In Version: Subversion 1.8.16Subversion 1.9.4