As https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
mentioned:
We recommend all users to upgrade to Subversion 1.8.10. Users of
Subversion 1.7.x or 1.8.x who are unable to upgrade may apply the
included patch. We also recommend that all users upgrade to Serf 1.3.7
or newer to resolve CVE-2014-3504.
The subversion has been 1.8.10 on master and we only need to uprev serf now.
Akuster,
I wonder how would you like to process this on Dizzy?
Uprev subversion or just apply related CVE fixes, I did think the serf
should be uprev-ed.
Thanks
Wenzong
On 11/17/2014 11:35 PM, akuster wrote:
Please add to the 1.3.7 the security fix
- CVE-2014-3504: (Closes: #757965)
On 11/17/2014 12:38 AM, wenzong....@windriver.com wrote:
From: Wenzong Fan <wenzong....@windriver.com>
Release changes:
Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
The following changes since commit
edaeb8940813b620090a0797ad3b6a076897512d:
bitbake: cooker.py: fix loginfo op being set to an invalid value
(2014-11-12 17:04:50 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/serf
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/serf
Wenzong Fan (1):
serf: 1.3.6 -> 1.3.8
.../serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
