[OE-core] [PATCH 0/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Fri Nov 21 06:02:04 UTC 2014
From: Wenzong Fan <wenzong.fan at windriver.com>
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
The following changes since commit 081fddd3e464935e5f438a7686eb8f8856da6281:
bitbake: data_smart.py: fix variable splitting at _remove mechanism (2014-11-19 10:46:41 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/dizzy
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/dizzy
Wenzong Fan (1):
serf: uprev to 1.3.7 for fixing CVE-2014-3504
.../serf/{serf_1.3.6.bb => serf_1.3.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} (82%)
--
1.7.9.5
More information about the Openembedded-core
mailing list