]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4a67bb2) | patch
subversion: fix for Security Advisory CVE-2013-4505
authorYue Tao <Yue.Tao@windriver.com>
Tue, 15 Apr 2014 02:49:03 +0000 (10:49 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 29 May 2014 12:42:11 +0000 (13:42 +0100)
commitd245459306939aef078a89e671ec093e3d6321cd
treeda6905df90e5c173cce67715ace2be6d84c0d0f7tree | snapshot
parent4a67bb2a27c1c32b2a912b603e1c543db9e1810ecommit | diff
subversion: fix for Security Advisory CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505

(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch [new file with mode: 0644] blob
meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch [new file with mode: 0644] blob
meta/recipes-devtools/subversion/subversion_1.6.15.bb diff | blob | history
meta/recipes-devtools/subversion/subversion_1.7.10.bb diff | blob | history
Mirror of the official openembedded-core repository