Your message dated Sat, 13 Feb 2021 17:02:07 +0000 with message-id <e1layj5-0002st...@fasolo.debian.org> and subject line Bug#982464: fixed in subversion 1.10.4-1+deb10u2 has caused the Debian Bug report #982464, regarding subversion: CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 982464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: subversion Version: 1.14.0-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.10.4-1+deb10u1 Control: found -1 1.10.4-1 Hi, The following vulnerability was published for subversion. CVE-2020-17525[0]: | Remote unauthenticated denial-of-service in Subversion mod_authz_svn If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-17525 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525 [1] https://subversion.apache.org/security/CVE-2020-17525-advisory.txt Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: subversion Source-Version: 1.10.4-1+deb10u2 Done: James McCoy <james...@debian.org> We believe that the bug you reported is fixed in the latest version of subversion, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 982...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James McCoy <james...@debian.org> (supplier of updated subversion package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 10 Feb 2021 15:15:45 -0500 Source: subversion Architecture: source Version: 1.10.4-1+deb10u2 Distribution: buster-security Urgency: high Maintainer: James McCoy <james...@debian.org> Changed-By: James McCoy <james...@debian.org> Closes: 982464 Changes: subversion (1.10.4-1+deb10u2) buster-security; urgency=high . * Backport security fixes from upstream: + CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn (Closes: #982464) Checksums-Sha1: 4083a6149bc1db2459225024cec7d2f1b246dfc9 3399 subversion_1.10.4-1+deb10u2.dsc 0327270ece76ecfec4fb065ecccec3fb4cd8cdb9 438360 subversion_1.10.4-1+deb10u2.debian.tar.xz Checksums-Sha256: fe2ad642c6b717e43a3e65e244ca13aa2cd20a2242d21e115f04ef173fadc9ab 3399 subversion_1.10.4-1+deb10u2.dsc af81a4228e6b41ef533d95a40fc73ea5b67dfceb3054f57cd7bcb9d42596af7c 438360 subversion_1.10.4-1+deb10u2.debian.tar.xz Files: 9c38b90649c75e5c32ecb028b0f192b5 3399 vcs optional subversion_1.10.4-1+deb10u2.dsc ccfb1e3f3c41c3816263f4a1f494f045 438360 vcs optional subversion_1.10.4-1+deb10u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmAnF0JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb o9tpBBAAmu8FT8lU8qy0EnuESCJr9v8CIH2tLBaoUiiP9FNv8Z09Bo79ka56NC9C CJOXwRlBTQwHW7WfaAVGu9hFOiwv/sSaNxp23EJedfhtrmCiE+Lg9kY97Efo8v1f /RtmhiR7AjJ5kK7hhDIwY/PwhbD3YZSWNdEjrPVdIfHw/+AOeYXHRcRu7JYFqPe/ H40esZjTlAtoBtSoafRX6e6tpJCyCPdf5fAvJ6I4qR02hOzh2/S9Xanqe+7rHbE0 nqOZxysds8gtHkR5909m/BFj2YrOIu5R005+CWrR16ulvifxeZwcLeUARbCokAtw QZkTtEqz4cbWseBUjaQQVlpM0C47XzE1RDWdIdqtebbarse0Az7nurhZzVaOFr8q kW5p126BUmYFA1XFGPQtSsaHhk37jUxS4mLT98Id2Y96iIa+ZCdmJp19UcbGPvJo JMhMerNsZvyFXsyrgkej47wwfsxN/Jf9hs7YBqBHW3id1s7TthvzaFhAE2SBxcMj 2TfeNR3aBYUL0eb7nRltEi6EulBWN2MV29CbR3VFODWs910DSF3693kYwwUAbnK3 P9FwAh8BH4JKt9bKAXfVwQlMNpUuxNYA06XSSdihCj7uBuo8vtW+B4rjliWrK6Z6 5a1kyTvUuIMrW5SIzP52ekXNZ0oUCrHkBveBoU/NO5XDj1KKy7c= =BRzK -----END PGP SIGNATURE-----
--- End Message ---
