diff options
| author |   Wenzong Fan <wenzong.fan@windriver.com> | 2015-11-17 00:38:41 -0500 |
|---|---|---|
| committer |   Robert Yang <liezhi.yang@windriver.com> | 2015-12-08 00:18:12 -0800 |
| commit | 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f (patch) | |
| tree | f7fbe4c57a0ed7a750125cbbcd653a8b281ea025 /meta/recipes-devtools/subversion/subversion_1.8.13.bb | |
| parent | 3671e20cb31f0a5c11939f3c5ba2d088db08e705 (diff) | |
| download | openembedded-core-contrib-7af7a3e692a6cd0d92768024efe32bfa7d83bc8f.tar.gz | |
subversion: fix CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion_1.8.13.bb')
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.8.13.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.13.bb b/meta/recipes-devtools/subversion/subversion_1.8.13.bb index 9c9bdb192b..9505247be5 100644 --- a/meta/recipes-devtools/subversion/subversion_1.8.13.bb +++ b/meta/recipes-devtools/subversion/subversion_1.8.13.bb @@ -14,6 +14,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://libtool2.patch \ file://disable_macos.patch \ file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ + file://subversion-CVE-2015-3184.patch \ " SRC_URI[md5sum] = "4413417b529d7bdf82f74e50df02e88b" SRC_URI[sha256sum] = "1099cc68840753b48aedb3a27ebd1e2afbcc84ddb871412e5d500e843d607579" |