[Git][security-tracker-team/security-tracker][master] LTS: update subversion notes in dla-needed.txt

Roberto C. Sánchez (@roberto) roberto at debian.org
Wed May 25 15:22:53 BST 2022



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6d54956 by Roberto C. Sánchez at 2022-05-25T10:22:29-04:00
LTS: update subversion notes in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -265,6 +265,9 @@ subversion (Roberto C. Sánchez)
   NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment)
   NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
   NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
+  NOTE: 20220525: Based on the results of Enrico's analysis and some further work, I was able to have the test execute reliably (roberto)
+  NOTE: 20220525: The test passes, which seems to indicate that the vulnerability does not affect 1.9.5 (roberto)
+  NOTE: 20220525: I have asked Enrico to replicate my findings (roberto)
 --
 systemd
   NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d54956dfb7f0f49c844d76f4996d63cce2f3b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220525/6b9ce145/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list