On 11/18/2015 09:26 AM, akuster808 wrote:

On 11/16/2015 09:38 PM, wenzong....@windriver.com wrote:
From: Wenzong Fan <wenzong....@windriver.com>

The following changes since commit d9aabf9639510fdb3e2ccc21ba5ae4aa9f6e4a57:

   gcc: Drop 4.8 (2015-11-16 14:59:18 +0000)

are available in the git repository at:

   git://git.pokylinux.org/poky-contrib wenzong/svn
   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/svn

Wenzong Fan (2):

Thanks.

   subversion: fix CVE-2015-3184
   subversion: fix CVE-2015-3187

These two fixes only affect Apache.

Apache version < 2.4.16 will need the following fix too.

CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate
authenticated request in 2.4

apache2 has been updated to 2.4.16, it should be fixed now.

commit fe0833e87e853024c9162fae17cbaf2fbfc6a53f
Author: Roy Li <rongqing...@windriver.com>
Date:   Fri Aug 7 14:07:49 2015 +0800

    apache: upgrade to 2.4.16

2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
    remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch

    Signed-off-by: Roy Li <rongqing...@windriver.com>
    Signed-off-by: Martin Jansa <martin.ja...@gmail.com>

Thanks
Wenzong



This affects fido.

- armin



  .../subversion-CVE-2015-3184.patch                 | 2094 ++++++++++++++++++++
  .../subversion-CVE-2015-3187.patch                 |  346 ++++
  .../subversion/subversion_1.8.13.bb                |    2 +
  3 files changed, 2442 insertions(+)
  create mode 100644 
meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch
  create mode 100644 
meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3187.patch


--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to