[OE-core] [PATCH 0/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504

Fri Nov 21 06:02:04 UTC 2014

From: Wenzong Fan <wenzong.fan at windriver.com>

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504

The following changes since commit 081fddd3e464935e5f438a7686eb8f8856da6281:

  bitbake: data_smart.py: fix variable splitting at _remove mechanism (2014-11-19 10:46:41 +0000)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/dizzy
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/dizzy

Wenzong Fan (1):
  serf: uprev to 1.3.7 for fixing CVE-2014-3504

 .../serf/{serf_1.3.6.bb => serf_1.3.7.bb}          |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} (82%)

-- 
1.7.9.5