Subversion servers reveal 'copyfrom' paths that should be hidden according
to configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
'copyfrom' path of the original. This also reveals the fact that the node
was copied. Only the 'copyfrom' path is revealed; not its contents. Both
httpd and svnserve servers are vulnerable.
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
Please bump to 1.14.2.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2022-06-08 07:09:24 +0000
Commit: Sam James <email@example.com>
CommitDate: 2022-06-08 07:09:35 +0000
dev-vcs/subversion: add 1.14.2
Signed-off-by: Sam James <firstname.lastname@example.org>
dev-vcs/subversion/Manifest | 1 +
.../files/subversion-1.14.2-python3.11.patch | 16 +
dev-vcs/subversion/subversion-1.14.2.ebuild | 441 +++++++++++++++++++++
3 files changed, 458 insertions(+)