subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

(From OE-Core rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wenzong Fan
2015-11-17 00:38:41 -05:00
committed by Richard Purdie
parent 40cd22815c
commit f91aedfb56
2 changed files with 2095 additions and 0 deletions

File diff suppressed because it is too large

@@ -14,6 +14,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://disable_macos.patch \
file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \
file://subversion-CVE-2015-3184.patch \
"
SRC_URI[md5sum] = "4413417b529d7bdf82f74e50df02e88b"
SRC_URI[sha256sum] = "1099cc68840753b48aedb3a27ebd1e2afbcc84ddb871412e5d500e843d607579"
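
Review bot: the new SRC_URI entry file://subversion-CVE-2015-3184.patch points at a patch whose body is suppressed on this page, so the review cannot confirm from the visible lines that its header records an Upstream-Status line, a CVE tag, and which release branch of the advisory it was taken from. The commit message names both 1.7.x and 1.8.x fixes, and the tarball checksums in this hunk are unchanged, so this is a backport onto the existing ${PV}; please state in the patch header which branch's fix was applied and that it applies cleanly to this version. With the other file accounting for nearly all of the 2095 added lines, it is also worth noting in the commit message why a backport was chosen over upgrading the recipe to a fixed release (1.7.21 or 1.8.14).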