summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libfm
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2017-09-07 02:49:06 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-09-11 17:30:13 +0100
commit6e1f8001a0f3c26cce9c692d25987a3c47ff2f74 (patch)
tree3e204fb030fc5715fd52ef275d38b4fe10e759db /meta/recipes-support/libfm
parent34cde8e965acca2706d3e3d8b5b3e9f4c3e010c3 (diff)
downloadopenembedded-core-6e1f8001a0f3c26cce9c692d25987a3c47ff2f74.tar.gz
subversion: fix CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server(to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. Backport patch from: http://svn.apache.org/viewvc?view=revision&amp;sortby=rev&amp;revision=1804691 Reference: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-support/libfm')
0 files changed, 0 insertions, 0 deletions