Author: stsp
Date: Tue Apr 12 18:52:40 2022
New Revision: 1899789
URL: http://svn.apache.org/viewvc?rev=1899789&view=rev
Log:
* CHANGES: The fix for CVE-2021-28544 was a server-side fix, not client-side.
Modified:
subversion/trunk/CHANGES
Modified: subversion/trunk/CHANGES
URL:
http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1899789&r1=1899788&r2=1899789&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Tue Apr 12 18:52:40 2022
@@ -15,12 +15,12 @@ Version 1.14.2
(12 Apr 2022, from /branches/1.14.x)
User-visible changes:
- Client-side bugfixes:
- * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix -r option documentation for some svnadmin subcommands (r1896877)
* Fix error message encoding when system() call fails (r1887641, r1890013)
* Fix assertion failure in conflict resolver (r1892470, -471, -541)
- Server-side bugfixes:
+ * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880)
Developer-visible changes:
@@ -300,10 +300,10 @@ Version 1.10.8
(12 Apr 2022, from /branches/1.10.x)
User-visible changes:
- Client-side bugfixes:
- * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix merge assertion failure in svn_sort__array_insert (issue #4840)
- Server-side bugfixes:
+ * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227)
* Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880)
* Fix authz doesn't combine global and repository rules (issue #4762)
