Overview

File _patchinfo of Package patchinfo.23578

<patchinfo incident="23578">
  <issue tracker="cve" id="2022-24070"/>
  <issue tracker="cve" id="2021-28544"/>
  <issue tracker="bnc" id="1197940">VUL-0: EMBARGOED: CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption</issue>
  <issue tracker="bnc" id="1197939">VUL-0: EMBARGOED: CVE-2021-28544: subversion: SVN authz protected copyfrom paths regression</issue>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for subversion</summary>
  <description>This update for subversion fixes the following issues:

- CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache
  HTTP server. This could be exploited by a remote attacker to cause a denial of
  service (bsc#1197940).
- CVE-2021-28544: Fixed an information leak issue where Subversion servers may
  reveal the original path of files protected by path-based authorization
  (bsc#1197939).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places