Upstream has issued updates that fixes CVE-2020-17525.
Fixed in 1.10.7 and 1.14.1
Subversion has been updated to fix a remote unauthenticated denial-of-service in Subversion mod_authz_svn.
Uploaded to core/updates_testing
1.14.1 needs to be pushed in mga8.
I've sent a Freeze push request to @dev.
RedHat has issued an advisory for this on February 15:
Subversion security issue CVE-2020-17525 =>
subversion new security issue CVE-2020-17525Status comment:
Fixed upstream in 1.10.7 and 1.14.1Severity:
Fixed in Cauldron and awaiting validation for mga7.
MGA7TOO, MGA8TOO =>
Fixed upstream in 1.10.7 and 1.14.1 =>
MGA7-64 MATE on PeaqC1011
No installation issues
Following Dave's lead fom bug 10895, I run into problems:
$ cd Documents/
$ svnadmin create --fs-type fsfs /home/tester7/Documents/svn
$ mkdir project
$ cd project/
$ mkdir bin
$ mkdir src
$ mkdir doc
$ echo test>doc/index.html
$ echo stuff>src/Makefile
$ svn import /home/tester7/Documents/project/ file:///home/tester7/Documents/svn/project
svn: E205007: Could not use external editor to fetch log message; consider setting the $SVN_EDITOR environment variable or using the --message (-m) or --file (-F) options
svn: E205007: None of the environment variables SVN_EDITOR, VISUAL or EDITOR are set, and no 'editor-cmd' run-time configuration option was found
I cann't imagine I would have to set these manually????
It seems that no one of SVN_EDITOR, VISUAL or EDITOR variables have been set for this user account.
These are not set by default.
So, I think you must set them beforehand.
Well, I've not seen these noticed on the previous updates. I'm pretty sure i would have noted it when such thing was needed, and I trust Dave would have done the same.
I noticed that - comparing the notes with the actual config files in /etc, that there are some changs to the subversion configs.
But anyway, in the years I have been testing updates before, I've never came across this situation. And I don't like it a bit.
svn has always done that
Debian has issued an advisory for this on February 13: