code.ossystems Code Review - openembedded-core.git/commit

author	Wenzong Fan <wenzong.fan@windriver.com>
	Tue, 17 Nov 2015 05:38:41 +0000 (00:38 -0500)
committer	Robert Yang <liezhi.yang@windriver.com>
	Tue, 8 Dec 2015 08:18:12 +0000 (00:18 -0800)
commit	7af7a3e692a6cd0d92768024efe32bfa7d83bc8f
tree	f7fbe4c57a0ed7a750125cbbcd653a8b281ea025	tree \| snapshot
parent	3671e20cb31f0a5c11939f3c5ba2d088db08e705	commit \| diff

subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>

meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/subversion/subversion_1.8.13.bb		diff \| blob \| history