aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion/subversion_1.8.9.bb
diff options
context:
space:
mode:
authorYue Tao <Yue.Tao@windriver.com>2014-10-22 03:37:29 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-11-04 10:19:53 +0000
commite0dc0432b13f38d16f642bdadf8ebc78b7a74806 (patch)
tree4dcbb70d0c630139ba49bce0936a3d193eb27a35 /meta/recipes-devtools/subversion/subversion_1.8.9.bb
parent06a33cd00ea11abec1ebe9d5883e44778075ccc6 (diff)
downloadopenembedded-core-contrib-e0dc0432b13f38d16f642bdadf8ebc78b7a74806.tar.gz
subversion: Security Advisory - subversion - CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion_1.8.9.bb')
-rw-r--r--meta/recipes-devtools/subversion/subversion_1.8.9.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
index e1ab945896..1ef59a0c00 100644
--- a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://disable_macos.patch \
file://subversion-CVE-2014-3522.patch;striplevel=0 \
+ file://subversion-CVE-2014-3528.patch \
"
SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
SRC_URI[sha256sum] = "45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-19 16:24:48 +0000