[OE-core] [PATCH 0/2] subversion: fix CVE-2015-3184, CVE-2015-3187
akuster808
akuster808 at gmail.com
Wed Nov 18 01:26:24 UTC 2015
On 11/16/2015 09:38 PM, wenzong.fan at windriver.com wrote:
> From: Wenzong Fan <wenzong.fan at windriver.com>
>
> The following changes since commit d9aabf9639510fdb3e2ccc21ba5ae4aa9f6e4a57:
>
> gcc: Drop 4.8 (2015-11-16 14:59:18 +0000)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib wenzong/svn
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/svn
>
> Wenzong Fan (2):
Thanks.
> subversion: fix CVE-2015-3184
> subversion: fix CVE-2015-3187
These two fixes only affect Apache.
Apache version < 2.4.16 will need the following fix too.
CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate
authenticated request in 2.4
This affects fido.
- armin
>
> .../subversion-CVE-2015-3184.patch | 2094 ++++++++++++++++++++
> .../subversion-CVE-2015-3187.patch | 346 ++++
> .../subversion/subversion_1.8.13.bb | 2 +
> 3 files changed, 2442 insertions(+)
> create mode 100644 meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch
> create mode 100644 meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3187.patch
>
More information about the Openembedded-core
mailing list