it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4851-1] subversion security update
- Date: Sat, 13 Feb 2021 11:39:51 +0000
- List-archive: https://lists.debian.org/msgid-search/E1lAtHD-0001Yl-7t AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=hAAW/HYDR6oxoK9E1zYknurFDUm/HMZDKSiQnAqhgTQ=; b=cP deGFVl2s3abxP8a7cCbTexK4V1PpaqZA+OG6S2oi6b2MLZWflYk4Lvg8jPbmBd03QQSCXnVvWk9Cu 5PqNYuM0Rsa4jD6UAkMYRw7Z+pIaaz/E+i5F/7GY22umXI0XwyQFk5qIebXVsSQUCewScnVeyL7bi yDgPgoTQT/BHHhrVmD3sfMqZgl0MJ44HYaEdN84tgcViTumQyOIIHWmNYxNH2z7PQcFudZ7tMvtOd i/vq3NUhSKTnKlkd/diLPTKr5z9CAZH+OJViSD/kXN1u0duzcV5UM+hj/nz+kSQki9dS62U4hXzXL MvTPxsSUlSG3yld1+mGK4pgnR2/lBiWA==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sat, 13 Feb 2021 11:40:07 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <9cee-0__5uL.A.l7D.Xq7JgB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4851-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 13, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : subversion
CVE ID : CVE-2020-17525
Debian Bug : 982464
Thomas Akesson discovered a remotely triggerable vulnerability in the
mod_authz_svn module in Subversion, a version control system. When using
in-repository authz rules with the AuthzSVNReposRelativeAccessFile
option an unauthenticated remote client can take advantage of this flaw
to cause a denial of service by sending a request for a non-existing
repository URL.
For the stable distribution (buster), this problem has been fixed in
version 1.10.4-1+deb10u2.
We recommend that you upgrade your subversion packages.
For the detailed security status of subversion please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/subversion
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAnuNtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TEgQ/7B/Q1myqwz2fbhOoIJBhhUj5h1rOumY75313o4oVie9DO2Wfdq8orjdW4
vq3XLFfdcGyrfrP+QpcKBLP9042o5YNvm7zMEQ4aABnsudEC5m18McJpzrPTB50H
i2l0SBG0KTffRNziXmumqDZK/hiev9BDIBTi+MrX7aA6x6mHJHfHsq2YiLj0vluU
ap240iT4Ds/0x8Gly0zPjcCWvtWVOfyvwSX9MIeNn7RpcyhXKysm++/fEwmmAkj8
Uu4toxIWzFB51lMxUkzjeIFhJlIvjYThcQ2ppSuocozTUUdVwSQfqO/HqxzzanoP
fbUqdNuJ4pEaw1XbOkrUlvwznxXZJu2tHhwk8QQHwFjGAvis1egoDjbznAwmQLeL
t82P/pBjcIMpbyusUGQ4d8m4RLGw/sFQUOJL9VkmdbokK3bZCf0MmwCC1dQQOhtP
fDlnGdmvnVNjS0w/TdcVtXnf/9osY4+cHurQIAikRbesRRy0+GU7uwsMc7xbrHYJ
CNJq4lkwyqhpcGTg3FIg76xtyVSnPRRptEFoh41ORxLOxpJ6YnC9MwkgQOWsjNUG
n41adApEDGCHKuxBsu3oCDMnSal+zeK9i9sQHQMJl0myaRHbeRnPH2qXpO1/OAuI
O16w2Jt+eF2OzQC2Nkr2fq9BZxv5tstsxeZqCPPE2YHfArAvkHg=
=vgyS
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4851-1] subversion security update, Salvatore Bonaccorso, 13.02.2021
Archiv bereitgestellt durch MHonArc 2.6.24.