subversion: fix CVE-2015-3187 - openembedded-core

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2016-02-06 15:14:49 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:20:58 +0000
commit	b45dcbadc1a51188ac6dead855e14a181a7bccd9 (patch)
tree	da219ff8eaab3a489508532b7853ac40f33434e1 /meta/recipes-devtools/qemu/qemu_2.2.0.bb
parent	e4a1caecc5ae6b8488ec8ed7d303296af99146c0 (diff)
download	openembedded-core-b45dcbadc1a51188ac6dead855e14a181a7bccd9.tar.gz

subversion: fix CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools/qemu/qemu_2.2.0.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: