subversion: fix CVE-2015-3187 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-17 00:38:42 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-01 21:32:05 +0000
commit	04034e75e0a75d97416d0e22c0a7028d14af011f (patch)
tree	f7c20598fa72029b2230a9a02949fd84d2c417ca /meta/recipes-extended/rpcbind
parent	f91aedfb56f121883f341958fe9228dc7e75cf2f (diff)
download	poky-04034e75e0a75d97416d0e22c0a7028d14af011f.tar.gz

subversion: fix CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/rpcbind')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: