[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Return subversion to the pool with comment.

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
039ef92d by Chris Lamb at 2022-04-22T11:34:37-07:00
data/dla-needed.txt: Return subversion to the pool with comment.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -157,7 +157,9 @@ sox
   NOTE: 20220326: CVE-2019-13590 is fixed in git (Anton)
   NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton)
 --
-subversion (Chris Lamb)
+subversion
+  NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment)
+  NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
 --
 tiff (Utkarsh)
   NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039ef92df51344b2fbb03263f108bd63093cb524

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039ef92df51344b2fbb03263f108bd63093cb524
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220422/05e3ac96/attachment.htm>