subversion: fix CVE-2015-3184 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2016-02-06 15:14:48 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:20:58 +0000
commit	e4a1caecc5ae6b8488ec8ed7d303296af99146c0 (patch)
tree	594006092ba81bc127e5fa13f9d5a522619f50a1 /.templateconf
parent	5e73d0e88c28ca1e948f5c463b9d9d1001251a42 (diff)
download	openembedded-core-contrib-e4a1caecc5ae6b8488ec8ed7d303296af99146c0.tar.gz

subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to '.templateconf')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: