subversion: Security Advisory - subversion - CVE-2014-3528
authorYue Tao <Yue.Tao@windriver.com>
Wed, 22 Oct 2014 07:37:29 +0000 (03:37 -0400)
committerPatrick Ohly <patrick.ohly@intel.com>
Fri, 9 Jan 2015 17:18:39 +0000 (09:18 -0800)
commit4bada654775122998c3fca5c1d56d3c6d51d88eb
tree83e62704c54dca28580afed5e08933533eae6c50
parentc95c9189d6a4d8ed7a420979af6e1430b9cedf91
subversion: Security Advisory - subversion - CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528

(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)

(From OE-Core rev: 4ff3355e4daf841c66fb78e88bf2d6e26d8f9ced)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch [new file with mode: 0644]
meta/recipes-devtools/subversion/subversion_1.6.15.bb
meta/recipes-devtools/subversion/subversion_1.8.9.bb