Index: svnadmin/hooks/scripts/vulnxml-unique.sh
===================================================================
--- svnadmin/hooks/scripts/vulnxml-unique.sh	(revision 431187)
+++ svnadmin/hooks/scripts/vulnxml-unique.sh	(revision 431188)
@@ -1,44 +1,54 @@
 #!/bin/sh
 # $FreeBSD$
 
 # Check that security/vuxml/vuln.xml is not committed together with other files
 
 REPO=$1
 TXN=$2
 
 # check arguments
 if [ -z "$REPO" -o -z "$TXN" ] ; then
   echo "Syntax: $0 path_to_repos txn_id" >&2
   exit 1
 fi
 
 # no commit to vuln.xml or other files yet
 VULN_XML=0
 OTHER=0
 
 # see what has changed
 OIFS=${IFS}
 IFS=$'\n'
 for line in $(svnlook changed -t $TXN $REPO) ; do
 	IFS=${OIFS}
 	set -- $line
 	type=$1
 	fpath=$2
 	case $fpath in
 		head/security/vuxml/vuln.xml)
 			VULN_XML=1
 			;;
+		branches/*/security/vuxml/vuln.xml)
+			if [ ${type} != 'A' ]; then
+				VULN_XML=2
+			fi
+			;;
 		*)
 			OTHER=1
 			;;
 	esac
 done
+
+if [ $VULN_XML -eq 2 ]; then
+	echo "Commits to security/vuxml/vuln.xml are only allowed on HEAD" 1>&2
+	exit 1
+fi
 
 # yell
 if [ $VULN_XML -gt 0 -a $OTHER -gt 0 ] ; then
 	echo "Commit to security/vuxml/vuln.xml first, and then other files" 1>&2
 	exit 1
 fi
 
 # ok
 exit 0