MGASA-2022-0140 - Updated subversion packages fix security vulnerability Publication date: 13 Apr 2022 URL: https://advisories.mageia.org/MGASA-2022-0140.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-28544, CVE-2022-24070 SVN authz protected copyfrom paths regression. (CVE-2021-28544) Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070) References: - https://bugs.mageia.org/show_bug.cgi?id=30274 - https://subversion.apache.org/security/CVE-2021-28544-advisory.txt - https://subversion.apache.org/security/CVE-2022-24070-advisory.txt - https://www.openwall.com/lists/oss-security/2022/04/12/2 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070 SRPMS: - 8/core/subversion-1.14.2-1.mga8