diff options
| author | Wenzong Fan <wenzong.fan@windriver.com> | 2014-11-21 01:02:05 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-21 16:50:43 +0000 |
| commit | 832aa4c5a7989636dae3068f508ab2bff8b4ab23 (patch) | |
| tree | 7608d905b02bd8329dd7d294ab17254a1dac1b46 | |
| parent | 06ffe5637f23f6036aaf58b40f7f9a721624cd5b (diff) | |
| download | openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.tar.gz openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.tar.bz2 openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.zip | |
serf: uprev to 1.3.7 for fixing CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-support/serf/serf_1.3.7.bb (renamed from meta/recipes-support/serf/serf_1.3.6.bb) | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.7.bb index 08b04d3ca6..5230ef7387 100644 --- a/meta/recipes-support/serf/serf_1.3.6.bb +++ b/meta/recipes-support/serf/serf_1.3.7.bb @@ -1,8 +1,8 @@ -SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \ +SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.7.tar.bz2 \ file://norpath.patch" -SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d" -SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2" +SRC_URI[md5sum] = "0a6fa745df4517dd8f79c75c538919bc" +SRC_URI[sha256sum] = "ecccb74e665e6ea7539271e126a21d0f7eeddfeaa8ce090adb3aec6682f9f0ae" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" |