]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 0f3fb5b) | patch
subversion: fix CVE-2015-3184
authorWenzong Fan <wenzong.fan@windriver.com>
Tue, 17 Nov 2015 05:38:41 +0000 (00:38 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 1 Dec 2015 21:30:56 +0000 (21:30 +0000)
commit29eb921ed074d86fa8d5b205a313eb3177473a63
tree19f45263da958619043cccfb61c163a5f489d950tree | snapshot
parent0f3fb5bbf2fd7db82898fed3281af143387316ffcommit | diff
subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch [new file with mode: 0644] blob
meta/recipes-devtools/subversion/subversion_1.8.13.bb diff | blob | history
Mirror of the official openembedded-core repository