Processing control commands:
> severity -1 normal
Bug #1019981 [subversion] subversion: "svn propedit" loses changes in case of a
network failure / remote attack
Severity set to 'normal' from 'critical'
> tag -1 - security
Bug #1019981 [subversion] subversion: "svn propedit" loses changes in
Control: severity -1 normal
Control: tag -1 - security
On Mon, Sep 19, 2022 at 02:53:24AM +0200, Vincent Lefevre wrote:
> On 2022-09-18 14:40:36 -0400, James McCoy wrote:
> > You're saying that the change you were preparing was lost, but nothing
> > was actually changed in svn, right?
>
> Yes.
On 2022-09-18 14:40:36 -0400, James McCoy wrote:
> You're saying that the change you were preparing was lost, but nothing
> was actually changed in svn, right?
Yes. What happens is that svn retrieves the current property value
from the server, puts it in a file "/tmp/svn-prop.tmp" and runs an
On Sun, Sep 18, 2022 at 02:18:22AM +0200, Vincent Lefevre wrote:
> (The "critical" severity is in part because the data loss was
> triggered by a remote attack, though the data loss may occur
> with any kind of network failure.)
>
> I wanted to edit a log message with
>
> svn pe --revprop
Package: subversion
Version: 1.14.2-3+b1
Severity: critical
Tags: security upstream
Justification: causes serious data loss
X-Debbugs-Cc: Debian Security Team
Forwarded: https://lists.apache.org/thread/54hk6wbqsjnyl3h6p88tno2gpmgr4otd
(The "critical" severity is in part because the data loss was
5 matches
Mail list logo
