it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5119-1] subversion security update
- Date: Wed, 13 Apr 2022 04:21:54 +0000
- List-archive: https://lists.debian.org/msgid-search/E1neUVu-00087O-Pc AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 13 Apr 2022 04:22:13 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <k4iSgTuxyKF.A.kjD.1_kViB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-------------------------------------------------------------------------
Debian Security Advisory DSA-5119-1                security AT debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2022                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2021-28544 CVE-2022-24070

Several vulnerabilities were discovered in Subversion, a version control
system.

CVE-2021-28544

    Evgeny Kotkov reported that Subversion servers reveal 'copyfrom'
    paths that should be hidden according to configured path-based
    authorization (authz) rules.

CVE-2022-24070

    Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to
    a use-after-free vulnerability when looking up path-based
    authorization rules, which can result in denial of service (crash of
    HTTPD worker handling the request).

For the oldstable distribution (buster), these problems have been fixed
in version 1.10.4-1+deb10u3.

For the stable distribution (bullseye), these problems have been fixed in
version 1.14.1-3+deb11u1.

We recommend that you upgrade your subversion packages.

For the detailed security status of subversion please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/subversion

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
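A host-side check against the fixed versions named in the advisory, added here as an example; it is not part of the advisory or of Debian's own tooling. The function names are hypothetical, and the release codename is assumed to be available as VERSION_CODENAME in /etc/os-release.

```shell
#!/bin/sh
# Added example. Fixed versions are copied from DSA-5119-1 above.
FIXED_BUSTER='1.10.4-1+deb10u3'
FIXED_BULLSEYE='1.14.1-3+deb11u1'

# fixed_version_for CODENAME
# Prints the fixed version for a release covered by this advisory;
# returns 1 for any other release.
fixed_version_for() {
    case "$1" in
        buster)   printf '%s\n' "$FIXED_BUSTER" ;;
        bullseye) printf '%s\n' "$FIXED_BULLSEYE" ;;
        *)        return 1 ;;
    esac
}

# check_version CODENAME VERSION
# Prints "fixed", "vulnerable" or "unknown-release". The comparison is
# delegated to dpkg so that suffixes such as "+deb10u3" follow Debian's
# version ordering rather than plain string order.
check_version() {
    fixed=$(fixed_version_for "$1") || { echo "unknown-release"; return 0; }
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# audit_host
# Lists every installed binary package built from the subversion source
# package (subversion itself, its libraries, the Apache module) with its
# source version and the verdict from check_version.
audit_host() {
    codename=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")
    dpkg-query -W -f='${Package} ${source:Package} ${source:Version} ${db:Status-Abbrev}\n' |
    while read -r pkg src ver status; do
        [ "$src" = subversion ] || continue
        case "$status" in ii*) ;; *) continue ;; esac   # installed packages only
        printf '%s %s %s\n' "$pkg" "$ver" "$(check_version "$codename" "$ver")"
    done
}

# Run the audit only when asked to, e.g.: sh check-dsa-5119.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A result of "unknown-release" means the host runs a release for which this advisory gives no fixed version; the security tracker page linked above covers those.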