subversion: fix CVE-2015-3184 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2016-02-06 15:14:48 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +0000
commit	f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73 (patch)
tree	343f92ccac68ee853cce06ed50d5cf6c4d75dce7 /meta/recipes-extended/libaio
parent	165fa6ce6213ab2b9610732a4926496b78ca4038 (diff)
download	poky-f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73.tar.gz

subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) (From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/libaio')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: