On Thu, Feb 11, 2021 at 06:21:08AM +0100, Salvatore Bonaccorso wrote: > Hi James, > > On Wed, Feb 10, 2021 at 08:49:39PM -0500, James McCoy wrote: > > On Wed, Feb 10, 2021 at 09:21:54PM +0100, Salvatore Bonaccorso wrote: > > > Hi James, > > > > > > On Wed, Feb 10, 2021 at 03:20:22PM -0500, James McCoy wrote: > > > > On Wed, Feb 10, 2021 at 03:36:11PM +0100, Salvatore Bonaccorso wrote: > > > > > The following vulnerability was published for subversion. > > > > > > > > > > CVE-2020-17525[0]: > > > > > | Remote unauthenticated denial-of-service in Subversion mod_authz_svn > > > > > > > > I'll have uploads ready for this tonight to both sid and buster. I'll > > > > send the debdiff for review before uploading to buster-security. > > > > > > Ack, thank you! > > > > Buster debdiff attached. > > Looks good to me. Did you got an explicit chance to test the issue > triggering setup?
I was able to verify with a new test upstream provided. Backporting and enabling that test in this upload is too disruptive, though. I'll look into doing that for future sid uploads, as I see that the current packaging is missing protocol specific runs of the test suite. > In any case please feel free to upload to > security-master. Uploaded. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
