code.ossystems Code Review - openembedded-core.git/commit

author	Yue Tao <Yue.Tao@windriver.com>
	Tue, 15 Apr 2014 07:22:17 +0000 (15:22 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Wed, 21 May 2014 08:08:10 +0000 (09:08 +0100)
commit	3962b76185194fa56be7f1689204a1188ea44737
tree	5cccbd866a306b1a051a3a9244319c35f346c749	tree \| snapshot
parent	432666b84b80f8b0d13672aa94855369f577c56d	commit \| diff

subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/subversion/subversion_1.6.15.bb		diff \| blob \| history