<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Roberto C. Sánchez pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6">e6d54956</a></strong>
<div>
<span>by Roberto C. Sánchez</span>
<i>at 2022-05-25T10:22:29-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LTS: update subversion notes in dla-needed.txt
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#451c03275399f1318aed4e8b2d621183019720c6">
data/dla-needed.txt
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="451c03275399f1318aed4e8b2d621183019720c6">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6#451c03275399f1318aed4e8b2d621183019720c6"><strong>data/dla-needed.txt</strong></a>
<hr>
<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">
<tr class="line_holder match" style="line-height: 1.6;">
<td class="diff-line-num unfold js-unfold old_line" data-linenumber="265" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="diff-line-num unfold js-unfold new_line" data-linenumber="265" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="line_content match" style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -265,6 +265,9 @@ subversion (Roberto C. Sánchez)</td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="265" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
265
</td>
<td class="new_line diff-line-num" data-linenumber="265" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
265
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC265" class="line" lang="plaintext">  NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment)</span>
</pre></td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="266" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
266
</td>
<td class="new_line diff-line-num" data-linenumber="266" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
266
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC266" class="line" lang="plaintext">  NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)</span>
</pre></td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="267" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
267
</td>
<td class="new_line diff-line-num" data-linenumber="267" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
267
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC267" class="line" lang="plaintext">  NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)</span>
</pre></td>
</tr>
<tr class="line_holder new" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="268" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="new_line diff-line-num new" data-linenumber="268" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
268
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC268" class="line" lang="plaintext">  NOTE: 20220525: Based on the results of Enrico's analysis and some further work, I was able to have the test execute reliably (roberto)</span>
</pre></td>
</tr>
<tr class="line_holder new" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="268" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="new_line diff-line-num new" data-linenumber="269" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
269
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC269" class="line" lang="plaintext">  NOTE: 20220525: The test passes, which seems to indicate that the vulnerability does not affect 1.9.5 (roberto)</span>
</pre></td>
</tr>
<tr class="line_holder new" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="268" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="new_line diff-line-num new" data-linenumber="270" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
270
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC270" class="line" lang="plaintext">  NOTE: 20220525: I have asked Enrico to replicate my findings (roberto)</span>
</pre></td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="268" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
268
</td>
<td class="new_line diff-line-num" data-linenumber="271" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
271
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC271" class="line" lang="plaintext">--</span>
</pre></td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="269" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
269
</td>
<td class="new_line diff-line-num" data-linenumber="272" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
272
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC272" class="line" lang="plaintext">systemd</span>
</pre></td>
</tr>
<tr class="line_holder" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="270" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
270
</td>
<td class="new_line diff-line-num" data-linenumber="273" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
273
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC273" class="line" lang="plaintext">  NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13</span>
</pre></td>
</tr>

</table>
<br>
</li>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6"}}</script>


</p>
</div>
</body>
</html>