CVE-2024-46901: It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames. If a path or a revision-property which contains control characters is committed to a repository then SVN operations served by mod_dav_svn can be disrupted. The above is fixed in 1.14.5.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13db8a65e920fdde423050e03c0de869205d921f commit 13db8a65e920fdde423050e03c0de869205d921f Author: Sam James <sam@gentoo.org> AuthorDate: 2025-01-15 20:22:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-01-15 20:22:37 +0000 dev-vcs/subversion: add 1.14.5 Closes: https://bugs.gentoo.org/923938 Closes: https://bugs.gentoo.org/932536 Closes: https://bugs.gentoo.org/945483 Bug: https://bugs.gentoo.org/946153 Signed-off-by: Sam James <sam@gentoo.org> dev-vcs/subversion/Manifest | 1 + dev-vcs/subversion/subversion-1.14.5.ebuild | 444 ++++++++++++++++++++++++++++ 2 files changed, 445 insertions(+)
subversion-1.14.5 is still on python-3.11, is 3.12 possible ?
