From e6d54956dfb7f0f49c844d76f4996d63cce2f3b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@debian.org>
Date: Wed, 25 May 2022 10:22:29 -0400
Subject: LTS: update subversion notes in dla-needed.txt

---
 data/dla-needed.txt | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'data/dla-needed.txt')

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 4dbf6677b6..7481a48043 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -265,6 +265,9 @@ subversion (Roberto C. Sánchez)
   NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment)
   NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
   NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
+  NOTE: 20220525: Based on the results of Enrico's analysis and some further work, I was able to have the test execute reliably (roberto)
+  NOTE: 20220525: The test passes, which seems to indicate that the vulnerability does not affect 1.9.5 (roberto)
+  NOTE: 20220525: I have asked Enrico to replicate my findings (roberto)
 --
 systemd
   NOTE: 20220524: CVE-2020-1712 marked for update but didn't make it to 9.13
-- 
cgit v1.2.3