openembedded-core.git - Mirror of openembedded-core

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2014-11-21 01:02:05 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-21 16:50:43 +0000
commit	832aa4c5a7989636dae3068f508ab2bff8b4ab23 (patch)
tree	7608d905b02bd8329dd7d294ab17254a1dac1b46 /scripts
parent	06ffe5637f23f6036aaf58b40f7f9a721624cd5b (diff)
download	openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.tar.gz openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.tar.bz2 openembedded-core-832aa4c5a7989636dae3068f508ab2bff8b4ab23.zip

serf: uprev to 1.3.7 for fixing CVE-2014-3504

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_- ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: