diff -Nru subversion-1.13.0/debian/changelog subversion-1.13.0/debian/changelog
--- subversion-1.13.0/debian/changelog 2022-04-08 10:43:33.000000000 +0100
+++ subversion-1.13.0/debian/changelog 2022-05-12 21:47:08.000000000 +0100
@@ -1,3 +1,13 @@
+subversion (1.13.0-3ubuntu0.2) focal-security; urgency=medium
+
+ * SECURITY UPDATE: Remote unauthenticated denial-of-service in Subversion
+ mod_authz_svn (LP: #1970228)
+ - debian/patches/CVE-2020-17525.patch: Check for NULL repos_root_dirent in
+ subversion/libsvn_repos/config_file.c.
+ - CVE-2020-17525
+
+ -- Luís Infante da Câmara Thu, 12 May 2022 21:47:08 +0100
+
 subversion (1.13.0-3ubuntu0.1) focal-security; urgency=medium
 
 * SECURITY UPDATE: Use-after-free of object-pools when used as httpd module
diff -Nru subversion-1.13.0/debian/patches/CVE-2020-17525.patch subversion-1.13.0/debian/patches/CVE-2020-17525.patch
--- subversion-1.13.0/debian/patches/CVE-2020-17525.patch 1970-01-01 01:00:00.000000000 +0100
+++ subversion-1.13.0/debian/patches/CVE-2020-17525.patch 2022-05-12 21:47:08.000000000 +0100
@@ -0,0 +1,13 @@
+--- subversion-1.13.0.orig/subversion/libsvn_repos/config_file.c (revision 1883994)
++++ subversion-1.13.0/subversion/libsvn_repos/config_file.c (working copy)
+@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
+ {
+ /* Search for a repository in the full path. */
+ repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
++ if (repos_root_dirent == NULL)
++ return svn_error_trace(handle_missing_file(stream, checksum, access,
++ url, must_exist,
++ svn_node_none));
+
+ /* Attempt to open a repository at repos_root_dirent. */
+ SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff -Nru subversion-1.13.0/debian/patches/series subversion-1.13.0/debian/patches/series
--- subversion-1.13.0/debian/patches/series 2022-04-08 10:43:21.000000000 +0100
+++ subversion-1.13.0/debian/patches/series 2022-05-12 21:47:08.000000000 +0100
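Review bot: The NULL branch added to get_repos_config in debian/patches/CVE-2020-17525.patch has no comment explaining when `svn_repos_find_root_path()` returns NULL, and the patch file itself starts straight at the `---` line with no DEP-3 header recording its origin. I would put `/* No repository contains DIRENT; report it as a missing file. */` above the new check, and open the patch with `Description:`, `Origin:` and `Bug-Ubuntu:` fields pointing at the upstream revision and the Launchpad bug the changelog cites (LP: #1970228). `handle_missing_file` and the rest of get_repos_config lie outside the hunk, so it is also worth confirming that, when `must_exist` is false, the result this path hands back makes mod_authz_svn deny the request rather than treat an unresolvable authz path as permissive.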
@@ -14,3 +14,4 @@
 swig.m4-Do-not-include-ruby-include-subdir.patch
 CVE-2021-28544.patch
 CVE-2022-24070.patch
+CVE-2020-17525.patch