OESA-2022-1647

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1647

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1647.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2022-1647

Upstream

CVE-2021-28544

CVE-2022-24070

Published

2022-05-11T11:03:46Z

Modified

2025-09-03T06:17:21.548582Z

Summary

subversion security update

Details

Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects, from individuals to large-scale enterprise operations.

Security Fix(es):

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544)

Subversion s moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use moddavsvn are not affected.(CVE-2022-24070)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / subversion

Package

Name: subversion
Purl: pkg:rpm/openEuler/subversion&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.2-4.oe1

Ecosystem specific

{
    "src": [
        "subversion-1.12.2-4.oe1.src.rpm"
    ],
    "x86_64": [
        "perl-subversion-1.12.2-4.oe1.x86_64.rpm",
        "python3-subversion-1.12.2-4.oe1.x86_64.rpm",
        "ruby-subversion-1.12.2-4.oe1.x86_64.rpm",
        "subversion-1.12.2-4.oe1.x86_64.rpm",
        "subversion-debuginfo-1.12.2-4.oe1.x86_64.rpm",
        "subversion-debugsource-1.12.2-4.oe1.x86_64.rpm",
        "subversion-devel-1.12.2-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "perl-subversion-1.12.2-4.oe1.aarch64.rpm",
        "python3-subversion-1.12.2-4.oe1.aarch64.rpm",
        "ruby-subversion-1.12.2-4.oe1.aarch64.rpm",
        "subversion-1.12.2-4.oe1.aarch64.rpm",
        "subversion-debuginfo-1.12.2-4.oe1.aarch64.rpm",
        "subversion-debugsource-1.12.2-4.oe1.aarch64.rpm",
        "subversion-devel-1.12.2-4.oe1.aarch64.rpm"
    ],
    "noarch": [
        "subversion-help-1.12.2-4.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / subversion

Package

Name: subversion
Purl: pkg:rpm/openEuler/subversion&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.2-4.oe1

Ecosystem specific

{
    "src": [
        "subversion-1.12.2-4.oe1.src.rpm"
    ],
    "x86_64": [
        "perl-subversion-1.12.2-4.oe1.x86_64.rpm",
        "python3-subversion-1.12.2-4.oe1.x86_64.rpm",
        "ruby-subversion-1.12.2-4.oe1.x86_64.rpm",
        "subversion-1.12.2-4.oe1.x86_64.rpm",
        "subversion-debuginfo-1.12.2-4.oe1.x86_64.rpm",
        "subversion-debugsource-1.12.2-4.oe1.x86_64.rpm",
        "subversion-devel-1.12.2-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "perl-subversion-1.12.2-4.oe1.aarch64.rpm",
        "python3-subversion-1.12.2-4.oe1.aarch64.rpm",
        "ruby-subversion-1.12.2-4.oe1.aarch64.rpm",
        "subversion-1.12.2-4.oe1.aarch64.rpm",
        "subversion-debuginfo-1.12.2-4.oe1.aarch64.rpm",
        "subversion-debugsource-1.12.2-4.oe1.aarch64.rpm",
        "subversion-devel-1.12.2-4.oe1.aarch64.rpm"
    ],
    "noarch": [
        "subversion-help-1.12.2-4.oe1.noarch.rpm"
    ]
}

openEuler:22.03-LTS / subversion

Package

Name: subversion
Purl: pkg:rpm/openEuler/subversion&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.1-2.oe2203

Ecosystem specific

{
    "src": [
        "subversion-1.14.1-2.oe2203.src.rpm"
    ],
    "x86_64": [
        "perl-subversion-1.14.1-2.oe2203.x86_64.rpm",
        "python3-subversion-1.14.1-2.oe2203.x86_64.rpm",
        "ruby-subversion-1.14.1-2.oe2203.x86_64.rpm",
        "subversion-1.14.1-2.oe2203.x86_64.rpm",
        "subversion-debuginfo-1.14.1-2.oe2203.x86_64.rpm",
        "subversion-debugsource-1.14.1-2.oe2203.x86_64.rpm",
        "subversion-devel-1.14.1-2.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "perl-subversion-1.14.1-2.oe2203.aarch64.rpm",
        "python3-subversion-1.14.1-2.oe2203.aarch64.rpm",
        "ruby-subversion-1.14.1-2.oe2203.aarch64.rpm",
        "subversion-1.14.1-2.oe2203.aarch64.rpm",
        "subversion-debuginfo-1.14.1-2.oe2203.aarch64.rpm",
        "subversion-debugsource-1.14.1-2.oe2203.aarch64.rpm",
        "subversion-devel-1.14.1-2.oe2203.aarch64.rpm"
    ],
    "noarch": [
        "subversion-help-1.14.1-2.oe2203.noarch.rpm"
    ]
}