[ubuntu/impish-security] subversion 1.14.1-3ubuntu0.1 (Accepted)

Spyros Seimenis spyros.seimenis at canonical.com
Tue Apr 12 16:23:51 UTC 2022

subversion (1.14.1-3ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
    - debian/patches/CVE-2022-24070.patch: Register cleanup handler to reset
      authz initialization state in subversion/libsvn_repos/authz.c
    - CVE-2022-24070
  * SECURITY UPDATE: Disclosure of copyfrom paths that should be hidden
    according to configured path-based authz rules when copying.
    - debian/patches/CVE-2021-28544.patch: Do not expose copyfrom information
      if path is configured private with authz.
    - CVE-2021-28544

Date: 2022-04-11 11:52:14.775973+00:00
Changed-By: Spyros Seimenis <spyros.seimenis at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the impish-changes mailing list