code.ossystems Code Review - openembedded-core.git/commit

subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)

(From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	Wenzong Fan <wenzong.fan@windriver.com>
	Sat, 6 Feb 2016 23:14:48 +0000 (15:14 -0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sun, 7 Feb 2016 17:20:58 +0000 (17:20 +0000)
commit	e4a1caecc5ae6b8488ec8ed7d303296af99146c0
tree	594006092ba81bc127e5fa13f9d5a522619f50a1	tree \| snapshot
parent	5e73d0e88c28ca1e948f5c463b9d9d1001251a42	commit \| diff

meta/recipes-devtools/subversion/subversion-1.8.11/subversion-CVE-2015-3184.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/subversion/subversion_1.8.11.bb		diff \| blob \| history