OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.02.2 2017-04-28T12:25:38+00:00 2017-04-28T12:25:38+00:00 Peter Korsgaard peter@korsgaard.com 2017-04-25T13:44:23+00:00 urn:sha1:32e514709f9955a29fea8f307b8907ec6f955ba9 CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a534030c6e67ff0319f8af2b55fe977a06f17dfd) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-11-24T18:43:50+00:00 Angelo Compagnucci angelo.compagnucci@gmail.com 2015-11-22T21:21:14+00:00 urn:sha1:2d5158fd62ae9ea2e608f43f2db445aed4613e67 This patch bumps web2py to the latest released version (2.12.3) and adds hash file. Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>