[oe-commits] Yue Tao : subversion: Security Advisory - subversion - CVE-2014-3522
git at git.openembedded.org
Tue Nov 4 12:00:59 UTC 2014
Module: openembedded-core.git
Branch: master-next
Commit: 06a33cd00ea11abec1ebe9d5883e44778075ccc6
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=06a33cd00ea11abec1ebe9d5883e44778075ccc6
Author: Yue Tao <Yue.Tao at windriver.com>
Date: Wed Oct 22 03:37:28 2014 -0400
subversion: Security Advisory - subversion - CVE-2014-3522
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate. CWE-297: Improper Validation of Certificate with Host
Mismatch (http://cwe.mitre.org/data/definitions/297.html)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
.../subversion-CVE-2014-3522.patch | 444 +++++++++++++++++++++
.../subversion/subversion-CVE-2014-3522.patch | 439 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 4 +-
.../subversion/subversion_1.8.9.bb | 1 +
4 files changed, 887 insertions(+), 1 deletion(-)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=06a33cd00ea11abec1ebe9d5883e44778075ccc6
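
Added example, not part of the commit or of the Subversion patch: a C sketch of the wildcard rule behind CWE-297, with a permissive glob comparison beside a strict DNS-identity comparison. The function names and the example.com host names are constructed for illustration, and the glob form is an assumed weak matcher, not a statement about the code the patch changes.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Weak form (illustration): shell-glob matching lets '*' span dots,
 * so "*.example.com" also accepts "a.b.example.com". */
int match_glob(const char *pattern, const char *host)
{
    return fnmatch(pattern, host, 0) == 0;
}

/* Strict form: '*' is accepted only as the whole left-most label and
 * stands for exactly one non-empty label; the rest of the name is
 * compared case-insensitively. */
int match_dns_identity(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);
    const char *dot;

    if (plen == 0 || hlen == 0)
        return 0;
    if (strchr(pattern, '*') == NULL)           /* no wildcard: exact match */
        return plen == hlen && strcasecmp(pattern, host) == 0;
    /* The wildcard must be the "*." prefix, with no further '*'. */
    if (plen < 3 || pattern[0] != '*' || pattern[1] != '.'
        || strchr(pattern + 1, '*') != NULL)
        return 0;
    /* Require a dot inside the suffix, so a pattern such as "*.com"
     * is refused (a conservative policy choice in this example). */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)             /* need one non-empty label */
        return 0;
    return strcasecmp(pattern + 1, dot) == 0;   /* compare ".example.com" */
}

int main(void)
{
    /* Constructed sample names. */
    const char *pat = "*.example.com";
    const char *hosts[] = { "svn.example.com", "a.b.example.com", "example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s glob=%d strict=%d\n", hosts[i],
               match_glob(pat, hosts[i]), match_dns_identity(pat, hosts[i]));
    return 0;
}
```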