NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6e000dba5f
kumquat-buildroot/package/subversion/subversion.hash
Peter Korsgaard 89e51bc625 package/subversion: security bump to version 1.14.2 
Fixes the following security issues:

- CVE-2021-28544: SVN authz protected copyfrom paths regression

  Subversion servers reveal 'copyfrom' paths that should be hidden according
  to configured path-based authorization (authz) rules.  When a node has
  been copied from a protected location, users with access to the copy can
  see the `copyfrom' path of the original.  This also reveals the fact that
  the node was copied.  Only the 'copyfrom' path is revealed; not its
  contents.  Both httpd and svnserve servers are vulnerable.

  https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

- CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption

  While looking up path-based authorization rules, mod_dav_svn servers may
  attempt to use memory which has already been freed.

  https://subversion.apache.org/security/CVE-2022-24070-advisory.txt

Drop no longer needed patch and autoreconf, as this is now fixed upstream:

https://svn.apache.org/viewvc?view=revision&revision=1881534

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00

6 lines
347 B
Plaintext
Raw Blame History

# From https://www.apache.org/dist/subversion/subversion-1.14.2.tar.bz2.sha512
sha512 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc subversion-1.14.2.tar.bz2
# Locally calculated
sha256 484aff0cfbb81155a10f903ed756e27e9fc65578c245a295bae295c4bb51eaad LICENSE
Reference in New Issue View Git Blame Copy Permalink