[ubuntu/focal-updates] subversion 1.13.0-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Apr 12 16:58:13 UTC 2022

subversion (1.13.0-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
    - debian/patches/CVE-2022-24070.patch: Register cleanup handler to reset
      authz initialization state in subversion/libsvn_repos/authz.c
    - CVE-2022-24070
  * SECURITY UPDATE: Disclosure of copyfrom paths that should be hidden
    according to configured path-based authz rules when copying.
    - debian/patches/CVE-2021-28544.patch: Do not expose copyfrom information
      if path is configured private with authz.
    - CVE-2021-28544

Date: 2022-04-11 08:25:15.628796+00:00
Changed-By: Spyros Seimenis <spyros.seimenis at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list