** No longer affects: subversion (Ubuntu Impish)
** Changed in: subversion (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1970228
Title:
Removing ubuntu-security-sponsors since there is no debdiff to sponsor.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1970228
Title:
Multiple vulnerabilities in Bionic, Focal and Jammy
To
Setting impish to Incomplete since there is no debdiff to sponsor at
this stage.
** Changed in: subversion (Ubuntu Impish)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
This bug was fixed in the package subversion - 1.14.1-3ubuntu0.22.04.1
---
subversion (1.14.1-3ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: CVE-2021-28544, CVE-2022-24070 (LP: #1970228)
- debian/patches/CVE-2021-28544.patch,
This bug was fixed in the package subversion - 1.9.7-4ubuntu1.1
---
subversion (1.9.7-4ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: CVE-2018-11782, CVE-2019-0203, CVE-2020-17525 (LP:
#1970228)
- debian/patches/CVE-2018-11782.patch: New patch from upstream
This bug was fixed in the package subversion - 1.13.0-3ubuntu0.2
---
subversion (1.13.0-3ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: Remote unauthenticated denial-of-service in Subversion
mod_authz_svn (LP: #1970228)
- debian/patches/CVE-2020-17525.patch:
Thanks for the updated patches - they look a lot better. Note, one thing
we try and do is to add references to the patch files to indicate where
they came from as per https://dep-team.pages.debian.net/deps/dep3/ - as
an example see the update in
** Patch added: "subversion_jammy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5591776/+files/subversion_jammy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** Patch added: "subversion_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5591768/+files/subversion_bionic.debdiff
** Patch removed: "subversion_bionic.debdiff"
** Patch added: "subversion_focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5591714/+files/subversion_focal.debdiff
** Patch removed: "subversion_focal.debdiff"
Thanks for the debdiffs. I've reviewed them:
- NACK on the bionic debdiff. Updating the version isn't acceptable for a
security update. You can fix the FTBFS by using the java10-compatibility patch
from buster.
- NACK on the focal debdiff. It doesn't look like you added the patch to the
series
** Also affects: subversion (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: subversion (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: subversion (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: subversion
** Attachment added: "Upstream tarball for Jammy"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5589359/+files/subversion-1.14.2.tar.bz2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** Patch added: "subversion_jammy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5589358/+files/subversion_jammy.debdiff
** Changed in: subversion (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you
** Patch added: "subversion_focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1970228/+attachment/5589357/+files/subversion_focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0203
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1970228
Title:
Multiple vulnerabilities in Bionic, Focal, Impish and
** Summary changed:
- Version in Jammy is vulnerable to CVE-2021-28544 and CVE-2022-24070
+ Multiple vulnerabilities in Bionic, Focal and Jammy
** Description changed:
+ The versions in Bionic and Focal are vulnerable to CVE-2020-17525.
+
The version in Jammy is vulnerable to CVE-2021-28544
17 matches
Mail list logo
