close #982464 On Sat, Feb 13, 2021 at 5:03 PM Debian Bug Tracking System < ow...@bugs.debian.org> wrote:
> Your message dated Sat, 13 Feb 2021 17:02:07 +0000 > with message-id <e1layj5-0002st...@fasolo.debian.org> > and subject line Bug#982464: fixed in subversion 1.10.4-1+deb10u2 > has caused the Debian Bug report #982464, > regarding subversion: CVE-2020-17525: Remote unauthenticated > denial-of-service in Subversion mod_authz_svn > to be marked as done. > > This means that you claim that the problem has been dealt with. > If this is not the case it is now your responsibility to reopen the > Bug report if necessary, and/or fix the problem forthwith. > > (NB: If you are a system administrator and have no idea what this > message is talking about, this may indicate a serious mail system > misconfiguration somewhere. Please contact ow...@bugs.debian.org > immediately.) > > > -- > 982464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > > ---------- Forwarded message ---------- > From: Salvatore Bonaccorso <car...@debian.org> > To: Debian Bug Tracking System <sub...@bugs.debian.org> > Cc: > Bcc: > Date: Wed, 10 Feb 2021 15:36:11 +0100 > Subject: subversion: CVE-2020-17525: Remote unauthenticated > denial-of-service in Subversion mod_authz_svn > Source: subversion > Version: 1.14.0-3 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > t...@security.debian.org> > Control: found -1 1.10.4-1+deb10u1 > Control: found -1 1.10.4-1 > > Hi, > > The following vulnerability was published for subversion. > > CVE-2020-17525[0]: > | Remote unauthenticated denial-of-service in Subversion mod_authz_svn > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2020-17525 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525 > [1] https://subversion.apache.org/security/CVE-2020-17525-advisory.txt > > Regards, > Salvatore > > > > ---------- Forwarded message ---------- > From: Debian FTP Masters <ftpmas...@ftp-master.debian.org> > To: 982464-cl...@bugs.debian.org > Cc: > Bcc: > Date: Sat, 13 Feb 2021 17:02:07 +0000 > Subject: Bug#982464: fixed in subversion 1.10.4-1+deb10u2 > Source: subversion > Source-Version: 1.10.4-1+deb10u2 > Done: James McCoy <james...@debian.org> > > We believe that the bug you reported is fixed in the latest version of > subversion, which is due to be installed in the Debian FTP archive. > > A summary of the changes between this version and the previous one is > attached. > > Thank you for reporting the bug, which will now be closed. If you > have further comments please address them to 982...@bugs.debian.org, > and the maintainer will reopen the bug report if appropriate. > > Debian distribution maintenance software > pp. > James McCoy <james...@debian.org> (supplier of updated subversion package) > > (This message was generated automatically at their request; if you > believe that there is a problem with it please contact the archive > administrators by mailing ftpmas...@ftp-master.debian.org) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Format: 1.8 > Date: Wed, 10 Feb 2021 15:15:45 -0500 > Source: subversion > Architecture: source > Version: 1.10.4-1+deb10u2 > Distribution: buster-security > Urgency: high > Maintainer: James McCoy <james...@debian.org> > Changed-By: James McCoy <james...@debian.org> > Closes: 982464 > Changes: > subversion (1.10.4-1+deb10u2) buster-security; urgency=high > . > * Backport security fixes from upstream: > + CVE-2020-17525: Remote unauthenticated denial-of-service in > Subversion > mod_authz_svn (Closes: #982464) > Checksums-Sha1: > 4083a6149bc1db2459225024cec7d2f1b246dfc9 3399 > subversion_1.10.4-1+deb10u2.dsc > 0327270ece76ecfec4fb065ecccec3fb4cd8cdb9 438360 > subversion_1.10.4-1+deb10u2.debian.tar.xz > Checksums-Sha256: > fe2ad642c6b717e43a3e65e244ca13aa2cd20a2242d21e115f04ef173fadc9ab 3399 > subversion_1.10.4-1+deb10u2.dsc > af81a4228e6b41ef533d95a40fc73ea5b67dfceb3054f57cd7bcb9d42596af7c 438360 > subversion_1.10.4-1+deb10u2.debian.tar.xz > Files: > 9c38b90649c75e5c32ecb028b0f192b5 3399 vcs optional > subversion_1.10.4-1+deb10u2.dsc > ccfb1e3f3c41c3816263f4a1f494f045 438360 vcs optional > subversion_1.10.4-1+deb10u2.debian.tar.xz > > -----BEGIN PGP SIGNATURE----- > > iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmAnF0JfFIAAAAAALgAo > aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx > QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb > o9tpBBAAmu8FT8lU8qy0EnuESCJr9v8CIH2tLBaoUiiP9FNv8Z09Bo79ka56NC9C > CJOXwRlBTQwHW7WfaAVGu9hFOiwv/sSaNxp23EJedfhtrmCiE+Lg9kY97Efo8v1f > /RtmhiR7AjJ5kK7hhDIwY/PwhbD3YZSWNdEjrPVdIfHw/+AOeYXHRcRu7JYFqPe/ > H40esZjTlAtoBtSoafRX6e6tpJCyCPdf5fAvJ6I4qR02hOzh2/S9Xanqe+7rHbE0 > nqOZxysds8gtHkR5909m/BFj2YrOIu5R005+CWrR16ulvifxeZwcLeUARbCokAtw > QZkTtEqz4cbWseBUjaQQVlpM0C47XzE1RDWdIdqtebbarse0Az7nurhZzVaOFr8q > kW5p126BUmYFA1XFGPQtSsaHhk37jUxS4mLT98Id2Y96iIa+ZCdmJp19UcbGPvJo > JMhMerNsZvyFXsyrgkej47wwfsxN/Jf9hs7YBqBHW3id1s7TthvzaFhAE2SBxcMj > 2TfeNR3aBYUL0eb7nRltEi6EulBWN2MV29CbR3VFODWs910DSF3693kYwwUAbnK3 > P9FwAh8BH4JKt9bKAXfVwQlMNpUuxNYA06XSSdihCj7uBuo8vtW+B4rjliWrK6Z6 > 5a1kyTvUuIMrW5SIzP52ekXNZ0oUCrHkBveBoU/NO5XDj1KKy7c= > =BRzK > -----END PGP SIGNATURE-----
