[OE-core] [PATCH 0/2] subversion: fix CVE-2015-3184, CVE-2015-3187
wenzong fan
wenzong.fan at windriver.com
Fri Nov 27 06:20:43 UTC 2015
On 11/18/2015 09:26 AM, akuster808 wrote:
>
> On 11/16/2015 09:38 PM, wenzong.fan at windriver.com wrote:
>> From: Wenzong Fan <wenzong.fan at windriver.com>
>>
>> The following changes since commit d9aabf9639510fdb3e2ccc21ba5ae4aa9f6e4a57:
>>
>> gcc: Drop 4.8 (2015-11-16 14:59:18 +0000)
>>
>> are available in the git repository at:
>>
>> git://git.pokylinux.org/poky-contrib wenzong/svn
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/svn
>>
>> Wenzong Fan (2):
>
> Thanks.
>
>> subversion: fix CVE-2015-3184
>> subversion: fix CVE-2015-3187
>
> These two fixes only affect Apache.
>
> Apache version < 2.4.16 will need the following fix too.
>
> CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate
> authenticated request in 2.4
apache2 has been updated to 2.4.16, it should be fixed now.
commit fe0833e87e853024c9162fae17cbaf2fbfc6a53f
Author: Roy Li <rongqing.li at windriver.com>
Date: Fri Aug 7 14:07:49 2015 +0800
apache: upgrade to 2.4.16
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and
CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
Signed-off-by: Roy Li <rongqing.li at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Thanks
Wenzong
>
>
> This affects fido.
>
> - armin
>
>
>>
>> .../subversion-CVE-2015-3184.patch | 2094 ++++++++++++++++++++
>> .../subversion-CVE-2015-3187.patch | 346 ++++
>> .../subversion/subversion_1.8.13.bb | 2 +
>> 3 files changed, 2442 insertions(+)
>> create mode 100644 meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch
>> create mode 100644 meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3187.patch
>>
>
More information about the Openembedded-core
mailing list