ALT-PU-2025-1376-1
Package subversion updated to version 1.14.5-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05773
Уязвимость централизованной системы управления версиями Subversion, связанная с неправильной авторизацией, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-05791
Уязвимость модуля mod_dav_svn централизованной системы управления версиями Subversion, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-28544
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
- 20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5
- 20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5
- FEDORA-2022-2af658b090
- FEDORA-2022-2af658b090
- FEDORA-2022-13cc09ecf2
- FEDORA-2022-13cc09ecf2
- https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
- https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
- https://support.apple.com/kb/HT213345
- https://support.apple.com/kb/HT213345
- DSA-5119
- DSA-5119
Modified: 2024-11-21
CVE-2022-24070
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
- 20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5
- 20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5
- https://bz.apache.org/bugzilla/show_bug.cgi?id=65861
- https://bz.apache.org/bugzilla/show_bug.cgi?id=65861
- https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife
- https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife
- https://issues.apache.org/jira/browse/SVN-4880
- https://issues.apache.org/jira/browse/SVN-4880
- FEDORA-2022-2af658b090
- FEDORA-2022-2af658b090
- FEDORA-2022-13cc09ecf2
- FEDORA-2022-13cc09ecf2
- https://support.apple.com/kb/HT213345
- https://support.apple.com/kb/HT213345
- DSA-5119
- DSA-5119
Modified: 2025-02-11
CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.
CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
Closed bugs
rebuild with swig-4.1.1 produces undefined symbol: SWIG_InstallConstants