f509a22f9d
* use security_fix category in changelogs for CVEs * these fragments do not say CVE but are security fixes Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
9 lines
405 B
YAML
9 lines
405 B
YAML
security_fixes:
|
|
- >
|
|
**security issue** - The ``subversion`` module provided the password
|
|
via the svn command line option ``--password`` and can be retrieved
|
|
from the host's /proc/<pid>/cmdline file. Update the module to use
|
|
the secure ``--password-from-stdin`` option instead, and add a warning
|
|
in the module and in the documentation if svn version is too old to
|
|
support it.
|
|
(CVE-2020-1739)
|