openembedded-core.git - Mirror of openembedded-core

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-17 00:38:41 -0500
committer	Robert Yang <liezhi.yang@windriver.com>	2015-12-08 00:18:12 -0800
commit	7af7a3e692a6cd0d92768024efe32bfa7d83bc8f (patch)
tree	f7fbe4c57a0ed7a750125cbbcd653a8b281ea025 /scripts/lib
parent	3671e20cb31f0a5c11939f3c5ba2d088db08e705 (diff)
download	openembedded-core-7af7a3e692a6cd0d92768024efe32bfa7d83bc8f.tar.gz openembedded-core-7af7a3e692a6cd0d92768024efe32bfa7d83bc8f.tar.bz2 openembedded-core-7af7a3e692a6cd0d92768024efe32bfa7d83bc8f.zip

subversion: fix CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>

Diffstat (limited to 'scripts/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: