[Git][security-tracker-team/security-tracker][master] Revert "mark CVE-2020-17525 as not-affected for subversion"

Salvatore Bonaccorso carnil at debian.org
Mon Feb 15 04:59:35 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fd1d388 by Salvatore Bonaccorso at 2021-02-15T05:55:59+01:00
Revert "mark CVE-2020-17525 as not-affected for subversion"

This reverts commit a2368bbbf02e0ebb4ff1cf2e72d8642c81e14623.

Upstream states at
https://subversion.apache.org/security/CVE-2020-17525-advisory.txt that
all versions in the 1.9.x series are affected as well. But in fact there
was major code refactoring. The missing checking in older versions
seems to be missing in the get_repos_config() in the
libsvn_repos/config_pool.c instead of libsvn_repos/config_file.c.

That said, though, please verify my above comment again, and in case it
turns out to be wrong, just revert this revert again, but I wanted to play
on the safe side.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49720,7 +49720,6 @@ CVE-2020-17525 [Remote unauthenticated denial-of-service in Subversion mod_authz
 	RESERVED
 	{DSA-4851-1}
 	- subversion 1.14.1-1 (bug #982464)
-	[stretch] - subversion <not-affected> (Vulnerable code not present)
 	NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
 CVE-2020-17524
 	REJECTED
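
Review bot: with the `[stretch]` line removed from the CVE-2020-17525 entry, the reason for treating stretch as affected is recorded only in the commit message; the entry itself keeps just the advisory NOTE. Consider adding a second NOTE under the advisory URL stating that upstream lists all 1.9.x versions as affected and that in older versions the check appears to be missing in get_repos_config() in libsvn_repos/config_pool.c rather than libsvn_repos/config_file.c, so that a later triage pass does not re-add `<not-affected>` on the same "Vulnerable code not present" grounds.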



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fd1d388608912e77f5d28bc11e5998b12c91417
