From: wenzong fan <wenzong.fan@windriver.com>
To: akuster <akuster@mvista.com>, <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 0/1] uprev serf: 1.3.6 -> 1.3.8
Date: Wed, 19 Nov 2014 09:46:47 +0800
Message-ID: <546BF687.2040007@windriver.com>
In-Reply-To: <546A15B5.9030205@mvista.com>

As https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
mentioned:

  We recommend all users to upgrade to Subversion 1.8.10. Users of
  Subversion 1.7.x or 1.8.x who are unable to upgrade may apply the
  included patch. We also recommend that all users upgrade to Serf 1.3.7
  or newer to resolve CVE-2014-3504.

Subversion is already 1.8.10 on master and we only need to uprev serf now.

Akuster,

I wonder how you would like to process this on Dizzy?
Uprev subversion or just apply the related CVE fixes? I did think
serf should be uprev-ed.

Thanks
Wenzong

On 11/17/2014 11:35 PM, akuster wrote:
> Please add to the 1.3.7 the security fix
>
> - CVE-2014-3504: (Closes: #757965)
>
> On 11/17/2014 12:38 AM, wenzong.fan@windriver.com wrote:
>> From: Wenzong Fan <wenzong.fan@windriver.com>
>>
>> Release changes:
>>
>> Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
>> Fix issue #152: CRC calculation error for gzipped http responses > 4GB.
>> Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
>> Fix issue #154: Disable SSLv2 and SSLv3 as both are broken.
>>
>> Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
>> Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
>>
>> The following changes since commit
>> edaeb8940813b620090a0797ad3b6a076897512d:
>>
>> bitbake: cooker.py: fix loginfo op being set to an invalid value
>> (2014-11-12 17:04:50 +0000)
>>
>> are available in the git repository at:
>>
>> git://git.pokylinux.org/poky-contrib wenzong/serf
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/serf
>>
>> Wenzong Fan (1):
>> serf: 1.3.6 -> 1.3.8
>>
>> .../serf/{serf_1.3.6.bb => serf_1.3.8.bb} | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>> rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.8.bb} (74%)
>>
>