[ubuntu/focal-security] subversion 1.13.0-3ubuntu0.1 (Accepted)
Spyros Seimenis
spyros.seimenis at canonical.com
Tue Apr 12 16:23:53 UTC 2022
subversion (1.13.0-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
- debian/patches/CVE-2022-24070.patch: Register cleanup handler to reset
authz initialization state in subversion/libsvn_repos/authz.c
- CVE-2022-24070
* SECURITY UPDATE: Disclosure of copyfrom paths that should be hidden
according to configured path-based authz rules when copying.
- debian/patches/CVE-2021-28544.patch: Do not expose copyfrom information
if path is configured private with authz.
- CVE-2021-28544
Date: 2022-04-11 08:25:15.628796+00:00
Changed-By: Spyros Seimenis <spyros.seimenis at canonical.com>
https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list