<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fd1d388608912e77f5d28bc11e5998b12c91417">2fd1d388</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2021-02-15T05:55:59+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "mark CVE-2020-17525 as not-affected for subversion"

This reverts commit a2368bbbf02e0ebb4ff1cf2e72d8642c81e14623.

Upstream states at

https://subversion.apache.org/security/CVE-2020-17525-advisory.txt that

all versions in the 1.9.x series are affected as well. But in fact there

waere major code refactoring. The missing checking in older versions

seem to be missing in the get_repos_config() in the

libsvn_repos/config_pool.c instead of libsvn_repos/config_file.c.

That said, though please verify again my above comment and in case it

turns to be wrong, just revert again this revert, but I wanted to play

on safe side.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fd1d388608912e77f5d28bc11e5998b12c91417#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fd1d388608912e77f5d28bc11e5998b12c91417">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fd1d388608912e77f5d28bc11e5998b12c91417"}}</script>

</p>

</div>

</body>

</html>