fe176e6438
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES: CVE-2021-28544 "SVN authz protected copyfrom paths regression" The full security advisory for CVE-2021-28544 is available at: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc A brief summary of this advisory follows: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the `copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Evgeny Kotkov CVE-2022-24070 "Subversion's mod_dav_svn is vulnerable to memory corruption" The full security advisory for CVE-2022-24070 is available at: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc A brief summary of this advisory follows: While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Thomas Weißschuh
11 lines
415 B
Makefile
11 lines
415 B
Makefile
# $NetBSD: Makefile.version,v 1.88 2022/04/12 16:24:28 bsiegert Exp $
|
|
|
|
# When updating subversion, all packages are updated at the same time
|
|
# to have a consistent set of packages. A particularly tricky aspect
|
|
# is our interaction with the svn build system. See the make target
|
|
# "svn-build-outputs-hack" in devel/subversion-base/Makefile when
|
|
# changing the version.
|
|
|
|
.if !defined(SVNVER)
|
|
SVNVER= 1.14.2
|
|
.endif
|