~ubuntu-branches/ubuntu/oneiric/subversion/oneiric-updates

Viewing changes to debian/patches/cve-2010-3315

  • Committer: Bazaar Package Importer
  • Author(s): Peter Samuelson
  • Date: 2010-10-01 12:11:10 UTC
  • mto: This revision was merged to the branch mainline in revision 46.
  • Revision ID: james.westby@ubuntu.com-20101001121110-v0c0jqcvtj0br8v2
Tags: 1.6.12dfsg-2
* patches/cve-2010-3315: New patch for CVE-2010-3315, whereby, in rare
  configurations, mod_dav_svn could give too much access to authorized
  users.
* control: Update Vcs-* fields, Homepage, Policy to 3.9.1 (no changes),
  tweak python version declaration (Closes: #587853).

CVE-2010-3315: mod_dav_svn could give an authorized user more access
 
than he is configured to have, in certain rare configurations involving
 
the directive "SVNPathAuthz short_circuit", an optimization we do not
 
enable by default.
 
 
 
 
 
--- a/subversion/mod_dav_svn/authz.c
 
+++ b/subversion/mod_dav_svn/authz.c
 
@@ -59,7 +59,7 @@
 
   allow_read_bypass = dav_svn__get_pathauthz_bypass(r);
 
   if (allow_read_bypass != NULL)
 
     {
 
-      if (allow_read_bypass(r,path, repos->repo_name) == OK)
 
+      if (allow_read_bypass(r, path, repos->repo_basename) == OK)
 
         return TRUE;
 
       else
 
         return FALSE;
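
Review bot: The patch header says what goes wrong but not why passing repos->repo_basename instead of repos->repo_name as the third argument of allow_read_bypass() corrects it, and it cites no upstream revision or origin for the fix. Since this one-identifier change is the whole security fix, add a sentence to the header stating which repository name the bypass callback matches authz rules against and how repo_name can differ from it, plus a pointer to the upstream change. A regression test that enables "SVNPathAuthz short_circuit" with a rule scoped to a repository would keep a later refactor from silently swapping the argument back.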