Your message dated Thu, 11 Feb 2021 03:18:25 +0000 with message-id <e1la2ur-0001t5...@fasolo.debian.org> and subject line Bug#982464: fixed in subversion 1.14.1-1 has caused the Debian Bug report #982464, regarding subversion: CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 982464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: subversion Version: 1.14.0-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.10.4-1+deb10u1 Control: found -1 1.10.4-1 Hi, The following vulnerability was published for subversion. CVE-2020-17525[0]: | Remote unauthenticated denial-of-service in Subversion mod_authz_svn If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-17525 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525 [1] https://subversion.apache.org/security/CVE-2020-17525-advisory.txt Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: subversion Source-Version: 1.14.1-1 Done: James McCoy <james...@debian.org> We believe that the bug you reported is fixed in the latest version of subversion, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 982...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James McCoy <james...@debian.org> (supplier of updated subversion package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 10 Feb 2021 21:17:14 -0500 Source: subversion Architecture: source Version: 1.14.1-1 Distribution: unstable Urgency: high Maintainer: James McCoy <james...@debian.org> Changed-By: James McCoy <james...@debian.org> Closes: 982084 982464 Changes: subversion (1.14.1-1) unstable; urgency=high . * Update to new upstream version 1.14.1. + Fix FTBFS with OpenJDK 17 (Closes: #982084) + Security fix: - CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn (Closes: #982464) Checksums-Sha1: 5bccc10ab2656cd1582ffb2d6d35ccc7df40d605 3807 subversion_1.14.1-1.dsc 0cb09f8746a7ec0958f9c4dc67bdd2293fa9f859 11534165 subversion_1.14.1.orig.tar.gz ca34f173ed0890b0168c04e6846d9995b23a30f1 1288 subversion_1.14.1.orig.tar.gz.asc a3ba357a0072e0ced4ab7e3fbce059d179524d17 429692 subversion_1.14.1-1.debian.tar.xz Checksums-Sha256: 56fef3f578fe9a0aa0535bfe8759fe6d2d88db89d8f64b1be61489c441b6dff9 3807 subversion_1.14.1-1.dsc dee2796abaa1f5351e6cc2a60b1917beb8238af548b20d3e1ec22760ab2f0cad 11534165 subversion_1.14.1.orig.tar.gz 4dafc04642e634f3b75d70d3d707ba8eacc63a4925026402afcb94566f445fa6 1288 subversion_1.14.1.orig.tar.gz.asc 7f56c327762c153a39e7c08a27d5c675c692a63ea03f2b44109803800b8e43b7 429692 subversion_1.14.1-1.debian.tar.xz Files: da2a70c6d10585d613330252a450a034 3807 vcs optional subversion_1.14.1-1.dsc 979fa7480964bd7ebae68558d1de49aa 11534165 vcs optional subversion_1.14.1.orig.tar.gz 3b2f684ec0e018a6107ebda8afe33705 1288 vcs optional subversion_1.14.1.orig.tar.gz.asc 2789d5936dd642b371d76ada815098b9 429692 vcs optional subversion_1.14.1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmAkm4dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIUHGphbWVzc2Fu QGRlYmlhbi5vcmcACgkQ3+aRrjMbo9tulBAAwW2yaMfbesIFq3rJv5X3Dg8P6/t4 kdcCkqiI1lpEXRHYa3ASBVRUqlb+KQGZvjmwLKMquNXVeXmAiA7GUjAAJdUf4Eg/ zJPUU041zV00g4vzFbpL3ws312/fYdRmKp9kIl2mQ3jufnC4B3VZRGU0Ys1rJGzp 1TTisj179UxiJhddjd+0YpXgmI29TxjgYaj9pXmTeYhs8mU/s9Du8tnktduiwt40 BRye9+R4wjLG7KRmv+emOP3GpcJ0OKxe/dxqWm1J2biVyRukapxCFKtt/4spdfoo FGfpwHy3f22+xB4K6j8zrDNfkgb0Y6EmaBjI+EFLkaifKV5t0jO57lkF+pY+6qy7 RGUnsaCOpNuYZNON3Q/IBzMyerLS9+TeinsnWl/271nEBIHLNWmnvk6v0z5Og/H/ 1Uq8quDXLcmZwy9lNI44xanq3bVqZLnsMFTW6CThIgt2ZX7uZ9Ow/2yp6ymCl2y3 64eZeTdoEsisevQoyjYURrwUW9t49zQKdMwrhktpcR+eXmwrv+UUWy3gvOGhF2wG Bj39LwzAgobnOHKkunJ1ECYAgm2W6zNGYDij2z9vPv3EtVrFcjGxnWP4upA9UvIq 51kOptDgu49U/ikJl3HHGYDufheaZWrazu7nVbITEKiUV0JHyry5VVqhlB7vVSCK p1CXBdXT1a7SoL4= =Uixt -----END PGP SIGNATURE-----
--- End Message ---
