Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#74820 - [subversion] 1.14.2 fixes two CVEs

Attached to Project: Arch Linux
Opened by Chih-Hsuan Yen (yan12125) - Sunday, 22 May 2022, 08:54 GMT
Last edited by Toolybird (Toolybird) - Sunday, 13 November 2022, 05:46 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No



subversion 1.14.2 fixes CVE-2021-28544 and CVE-2022-24070 [1]. A working PKGBUILD is attached. Besides trivial bumping, a new key is added to validpgpkeys. The new key EC25FCC105618D04ADB43429C4416167349A3BCB is mentioned in [1], and it seems owned by Mark Phippard. I cannot find a cross-signature from any of current keys in PKGBUILD, though.

Additional info:

Steps to reproduce:
   PKGBUILD (5.2 KiB)
This task depends upon

Closed by  Toolybird (Toolybird)
Sunday, 13 November 2022, 05:46 GMT
Reason for closing:  Fixed
Additional comments about closing:  subversion 1.14.2-1