subversion (1.14.1-3ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
- debian/patches/CVE-2022-24070.patch: Register cleanup handler to reset
authz initialization state in subversion/libsvn_repos/authz.c
- CVE-2022-24070
* SECURITY UPDATE: Disclosure of copyfrom paths that should be hidden
according to configured path-based authz rules when copying.
- debian/patches/CVE-2021-28544.patch: Do not expose copyfrom information
if path is configured private with authz.
- CVE-2021-28544
-- Spyros Seimenis <email address hidden> Tue, 05 Apr 2022 17:57:55 +0300
