FS#74820 - [subversion] 1.14.2 fixes two CVEs
Attached to Project:
Arch Linux
Opened by Chih-Hsuan Yen (yan12125) - Sunday, 22 May 2022, 08:54 GMT
Last edited by Toolybird (Toolybird) - Sunday, 13 November 2022, 05:46 GMT
Opened by Chih-Hsuan Yen (yan12125) - Sunday, 22 May 2022, 08:54 GMT
Last edited by Toolybird (Toolybird) - Sunday, 13 November 2022, 05:46 GMT
|
Details
Description:
subversion 1.14.2 fixes CVE-2021-28544 and CVE-2022-24070 [1]. A working PKGBUILD is attached. Besides trivial bumping, a new key is added to validpgpkeys. The new key EC25FCC105618D04ADB43429C4416167349A3BCB is mentioned in [1], and it seems owned by Mark Phippard. I cannot find a cross-signature from any of current keys in PKGBUILD, though. Additional info: [1] https://lists.apache.org/thread/kh7wk6rvbnwwcbmd633hrw0txjmq5d8d Steps to reproduce: N/A |
This task depends upon
Closed by Toolybird (Toolybird)
Sunday, 13 November 2022, 05:46 GMT
Reason for closing: Fixed
Additional comments about closing: subversion 1.14.2-1
Sunday, 13 November 2022, 05:46 GMT
Reason for closing: Fixed
Additional comments about closing: subversion 1.14.2-1