diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2016-02-06 15:14:48 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-07 17:23:04 +0000 |
commit | f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73 (patch) | |
tree | 343f92ccac68ee853cce06ed50d5cf6c4d75dce7 /meta/recipes-extended/watchdog/watchdog_5.14.bb | |
parent | 165fa6ce6213ab2b9610732a4926496b78ca4038 (diff) | |
download | poky-f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73.tar.gz |
subversion: fix CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)
(From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f)
(From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/watchdog/watchdog_5.14.bb')
0 files changed, 0 insertions, 0 deletions