diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2015-11-17 00:38:42 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-12-08 10:27:15 +0000 |
commit | 0cb2fa5f73a2ad2dcfbfdf0337ba293880eea0a8 (patch) | |
tree | 32ff6bdaf49f2747f4e8535dc55c1a7521cf5466 /meta/recipes-devtools/subversion/subversion_1.8.13.bb | |
parent | 5b52e9b086bd57fe6207771b7deb9092865a64b2 (diff) | |
download | poky-0cb2fa5f73a2ad2dcfbfdf0337ba293880eea0a8.tar.gz |
subversion: fix CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)
(From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion_1.8.13.bb')
-rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.8.13.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.13.bb b/meta/recipes-devtools/subversion/subversion_1.8.13.bb index 9505247be5..68934b7e02 100644 --- a/meta/recipes-devtools/subversion/subversion_1.8.13.bb +++ b/meta/recipes-devtools/subversion/subversion_1.8.13.bb | |||
@@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ | |||
15 | file://disable_macos.patch \ | 15 | file://disable_macos.patch \ |
16 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ | 16 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ |
17 | file://subversion-CVE-2015-3184.patch \ | 17 | file://subversion-CVE-2015-3184.patch \ |
18 | file://subversion-CVE-2015-3187.patch \ | ||
18 | " | 19 | " |
19 | SRC_URI[md5sum] = "4413417b529d7bdf82f74e50df02e88b" | 20 | SRC_URI[md5sum] = "4413417b529d7bdf82f74e50df02e88b" |
20 | SRC_URI[sha256sum] = "1099cc68840753b48aedb3a27ebd1e2afbcc84ddb871412e5d500e843d607579" | 21 | SRC_URI[sha256sum] = "1099cc68840753b48aedb3a27ebd1e2afbcc84ddb871412e5d500e843d607579" |