Author: stsp
Date: Tue Apr 12 18:47:33 2022
New Revision: 1899788
URL: http://svn.apache.org/viewvc?rev=1899788&view=rev
Log:
* CHANGES: Refer to 1.14.2/1.10.8 security fixes by CVE number.
Modified:
subversion/trunk/CHANGES
Modified: subversion/trunk/CHANGES
URL:
http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1899788&r1=1899787&r2=1899788&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Tue Apr 12 18:47:33 2022
@@ -15,13 +15,13 @@ Version 1.14.2
(12 Apr 2022, from /branches/1.14.x)
User-visible changes:
- Client-side bugfixes:
- * Don't show unreadable copyfrom paths in 'svn log -v' (r1899227)
+ * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix -r option documentation for some svnadmin subcommands (r1896877)
* Fix error message encoding when system() call fails (r1887641, r1890013)
* Fix assertion failure in conflict resolver (r1892470, -471, -541)
- Server-side bugfixes:
- * Fix use-after-free of object-pools when running in httpd (issue #4880)
+ * Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880)
Developer-visible changes:
* Add test coverage for CVE-2020-17525 (r1883838 et al)
@@ -300,11 +300,11 @@ Version 1.10.8
(12 Apr 2022, from /branches/1.10.x)
User-visible changes:
- Client-side bugfixes:
- * Don't show unreadable copyfrom paths in 'svn log -v' (r1899227)
+ * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix merge assertion failure in svn_sort__array_insert (issue #4840)
- Server-side bugfixes:
- * Fix use-after-free of object-pools when running in httpd (issue #4880)
+ * Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880)
* Fix authz doesn't combine global and repository rules (issue #4762)
Developer-visible changes:
