[OE-core] [PATCH 0/1] uprev serf: 1.3.6 -> 1.3.8
wenzong fan
wenzong.fan at windriver.com
Wed Nov 19 01:46:47 UTC 2014
As https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
mentioned:
We recommend all users to upgrade to Subversion 1.8.10. Users of
Subversion 1.7.x or 1.8.x who are unable to upgrade may apply the
included patch. We also recommend that all users upgrade to Serf 1.3.7
or newer to resolve CVE-2014-3504.
The subversion has been 1.8.10 on master and we only need to uprev serf now.
Akuster,
I wonder how would you like to process this on Dizzy?
Uprev subversion or just apply related CVE fixes, I did think the serf
should be uprev-ed.
Thanks
Wenzong
On 11/17/2014 11:35 PM, akuster wrote:
> Please add to the 1.3.7 the security fix
>
> - CVE-2014-3504: (Closes: #757965)
>
> On 11/17/2014 12:38 AM, wenzong.fan at windriver.com wrote:
>> From: Wenzong Fan <wenzong.fan at windriver.com>
>>
>> Release changes:
>>
>> Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
>> Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
>> Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
>> Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
>>
>> Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
>> Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
>>
>> The following changes since commit
>> edaeb8940813b620090a0797ad3b6a076897512d:
>>
>> bitbake: cooker.py: fix loginfo op being set to an invalid value
>> (2014-11-12 17:04:50 +0000)
>>
>> are available in the git repository at:
>>
>> git://git.pokylinux.org/poky-contrib wenzong/serf
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/serf
>>
>> Wenzong Fan (1):
>> serf: 1.3.6 -> 1.3.8
>>
>> .../serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>> rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
>>
>
More information about the Openembedded-core
mailing list