[SECURITY] Fedora 36 Update: subversion-1.14.2-5.fc36

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-2af658b090 2022-07-15 01:15:23.604948 -------------------------------------------------------------------------------- Name : subversion Product : Fedora 36 Version : 1.14.2 Release : 5.fc36 URL : https://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. -------------------------------------------------------------------------------- Update Information: This update includes the latest stable release of _Apache Subversion_, version **1.14.2**. This update addresses two security issues, `CVE-2021-28544` and `CVE-2022-24070`. For more information see https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and https://subversion.apache.org/security/CVE-2021-28544-advisory.txt ### Client- side bugfixes: * Don't show unreadable copyfrom paths in 'svn log -v' * Fix -r option documentation for some svnadmin subcommands * Fix error message encoding when system() call fails * Fix assertion failure in conflict resolver ### Client-side improvements and bugfixes: * Support multiple working copy formats (1.8-onward, 1.15) ### Server-side bugfixes: * Fix use-after-free of object- pools when running in httpd (issue [SVN-4880](https://issues.apache.org/jira/browse/SVN-4880)) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 5 2022 Joe Orton <jorton(a)redhat.com&gt; - 1.14.2-5 - disable libmagic during test runs * Tue Jul 5 2022 Joe Orton <jorton(a)redhat.com&gt; - 1.14.2-4 - update for new Java arches and bump to JDK 17 (#2103909) * Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com&gt; - 1.14.2-3 - Rebuilt for Python 3.11 * Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 1.14.2-2 - Perl 5.36 rebuild * Wed May 4 2022 Joe Orton <jorton(a)redhat.com&gt; - 1.14.2-1 - update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=2074772 [ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths regression https://bugzilla.redhat.com/show_bug.cgi?id=2074780 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-2af658b090' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------