[oe-commits] Yue Tao : subversion: Security Advisory - subversion - CVE-2014-3522
git at git.openembedded.org
Fri Nov 21 16:51:28 UTC 2014
Module: openembedded-core.git
Branch: dizzy
Commit: 529ce75be949944a6e54151cd4233703e40c6351
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=529ce75be949944a6e54151cd4233703e40c6351
Author: Yue Tao <Yue.Tao at windriver.com>
Date: Wed Oct 22 03:37:28 2014 -0400
subversion: Security Advisory - subversion - CVE-2014-3522
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate. CWE-297: Improper Validation of Certificate with Host
Mismatch (http://cwe.mitre.org/data/definitions/297.html)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
(From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6)
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
.../subversion-CVE-2014-3522.patch | 444 +++++++++++++++++++++
.../subversion/subversion-CVE-2014-3522.patch | 439 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 4 +-
.../subversion/subversion_1.8.9.bb | 1 +
4 files changed, 887 insertions(+), 1 deletion(-)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=529ce75be949944a6e54151cd4233703e40c6351
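
The wildcard problem named in the advisory text, as an added example that is not part of the commit and is not Subversion's code: a lax glob-style matcher next to a strict one that accepts "*" only as the whole left-most label. The function names match_glob and match_strict, the host names, and the rejection of "*.com" are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Lax matcher of the kind CWE-297 describes: '*' matches any run of
   characters, dots included, so one name can cover many hosts. */
int match_glob(const char *pat, const char *host)
{
    if (*pat == '\0')
        return *host == '\0';
    if (*pat == '*')
        return match_glob(pat + 1, host) || (*host && match_glob(pat, host + 1));
    return tolower((unsigned char)*pat) == tolower((unsigned char)*host)
           && match_glob(pat + 1, host + 1);
}

/* Strict matcher: '*' is accepted only as the whole left-most label
   ("*.example.com") and stands for exactly one non-empty label. */
int match_strict(const char *pat, const char *host)
{
    const char *dot;

    if (strchr(pat, '*') == NULL)              /* no wildcard: exact name */
        return strcasecmp(pat, host) == 0;
    if (pat[0] != '*' || pat[1] != '.' || strchr(pat + 1, '*'))
        return 0;                              /* "w*.x", "a.*.x", "*" */
    if (strchr(pat + 2, '.') == NULL)
        return 0;                              /* "*.com": policy choice of this example */
    dot = strchr(host, '.');                   /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;
    return strcasecmp(dot, pat + 1) == 0;      /* rest must match exactly */
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *pat = "*.example.com";
    const char *hosts[] = { "www.example.com", "a.b.example.com", "example.com" };
    for (int i = 0; i < 3; i++)
        printf("%-16s glob=%d strict=%d\n", hosts[i],
               match_glob(pat, hosts[i]), match_strict(pat, hosts[i]));
    return 0;
}
```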