Package "ruby-svn"

Name: ruby-svn


Ruby bindings for Apache Subversion

Latest version: 1.13.0-3ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: subversion
Homepage: http://subversion.apache.org/


Other versions of "ruby-svn" in Focal

Repository  Area      Version
base        universe  1.13.0-3
security    universe  1.13.0-3ubuntu0.2


Version: 1.13.0-3ubuntu0.2 2022-05-26 06:06:19 UTC

  subversion (1.13.0-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Remote unauthenticated denial-of-service in Subversion
    mod_authz_svn (LP: #1970228)
    - debian/patches/CVE-2020-17525.patch: Check for NULL repos_root_dirent in
    - CVE-2020-17525

 -- Luís Infante da Câmara <email address hidden> Thu, 12 May 2022 21:47:08 +0100

1970228 Multiple vulnerabilities in Bionic, Focal and Jammy
CVE-2020-17525 Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a c

Version: 1.13.0-3ubuntu0.1 2022-04-12 19:06:19 UTC

  subversion (1.13.0-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
    - debian/patches/CVE-2022-24070.patch: Register cleanup handler to reset
      authz initialization state in subversion/libsvn_repos/authz.c
    - CVE-2022-24070
  * SECURITY UPDATE: Disclosure of copyfrom paths that should be hidden
    according to configured path-based authz rules when copying.
    - debian/patches/CVE-2021-28544.patch: Do not expose copyfrom information
      if path is configured private with authz.
    - CVE-2021-28544

 -- Spyros Seimenis <email address hidden> Fri, 08 Apr 2022 12:43:33 +0300

CVE-2022-24070 RESERVED
CVE-2021-28544 RESERVED
