Back to bug 2074780
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2022-04-13 04:54:53 UTC | Depends On | 2074781 | |
| Avinash Hanwate | 2022-04-13 04:59:15 UTC | Blocks | 2074782 | |
| Avinash Hanwate | 2022-04-13 15:55:39 UTC | Priority | high | medium |
| Severity | high | medium | ||
| Mauro Matteo Cascella | 2022-04-13 16:02:37 UTC | Fixed In Version | Subversion httpd and svnserve servers 1.14.2, Subversion httpd and svnserve servers 1.10.8 | subversion 1.14.2, subversion 1.10.8 |
| Mauro Matteo Cascella | 2022-04-19 14:39:09 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Mauro Matteo Cascella | 2022-04-19 14:40:41 UTC | Depends On | 2076651, 2076650, 2076652 | |
| Mauro Matteo Cascella | 2022-04-19 15:00:22 UTC | Doc Text | A flaw was found in Subversion. When path-based authorization (authz) is used, the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node has been copied from a protected location, its 'copyfrom' path (the path to the protected location) is reported even if is should be omitted. | |
| RaTasha Tillery-Smith | 2022-04-20 12:25:51 UTC | Doc Text | A flaw was found in Subversion. When path-based authorization (authz) is used, the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node has been copied from a protected location, its 'copyfrom' path (the path to the protected location) is reported even if is should be omitted. | A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its 'copyfrom' path (the path to the protected location) is reported even when omission should occur. |
| Red Hat Bugzilla | 2023-07-07 08:30:36 UTC | Assignee | security-response-team | nobody |
Back to bug 2074780