Hi,
On 2023/11/02 0:06, JITHIN K wrote:
Hello Mark,
Thank you and appreciate your email.
The Subversion version in my Ubuntu server is 1.13.0-3ubuntu0.2 and when I
check the change log
https://changelogs.ubuntu.com/changelogs/pool/universe/s/subversion/subversion_1.13.0-3ubuntu0.2/changelog
I could see that security update for CVE-2020-17525 included in the
1.13.0-3ubuntu0.2
but patches for other three were not included (CVE-2021-21298 ,
CVE-2021-21297,CVE-2021-21296). Does that mean in the next Ubuntu 20.04.x
release they include patches for these vulnerabilities?
It seems that CVE-2021-21298 and CVE-2021-21297 are vulnerability of
Node-RED, and CVE-2021-21296 is of Fleet. I couldn't find any
source that those affects Subversion, except your mail.
As far as I saw https://subversion.apache.org/security/, vulnerabilities
published and could affect Subversion 1.13.0 are CVE-2020-17525,
CVE-2021-28544, and CVE-2022-24070. However those all had been fixed
in 1.13.0-3ubuntu0.2.
Cheers,
--
Yasuhito FUTATSUKI <futat...@poem.co.jp>/<futat...@yf.bsdclub.org>
