]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 7af7a3e) | patch
subversion: fix CVE-2015-3187
authorWenzong Fan <wenzong.fan@windriver.com>
Tue, 17 Nov 2015 05:38:42 +0000 (00:38 -0500)
committerRobert Yang <liezhi.yang@windriver.com>
Tue, 8 Dec 2015 08:18:12 +0000 (00:18 -0800)
commite1e277bf51c6f00268358f6bf8623261b1b9bc22
treea02eae184c4ff64c127156631f61c572531a2b3atree | snapshot
parent7af7a3e692a6cd0d92768024efe32bfa7d83bc8fcommit | diff
subversion: fix CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3187.patch [new file with mode: 0644] blob
meta/recipes-devtools/subversion/subversion_1.8.13.bb diff | blob | history
Mirror of the official openembedded-core repository