mirror of
https://git.yoctoproject.org/poky
synced 2026-02-08 09:46:38 +01:00
7bcc609bf0
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) (From OE-Core rev: 0517d47172c68097e30a5063cd09c1da6158c71d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>