nss: CVE-2013-5606 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Li Wang <li.wang@windriver.com>	2014-07-28 02:50:42 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-29 12:02:39 +0100
commit	1d04721fe8ea1f51e77548fb8d328112ca10eba2 (patch)
tree	5fb096176f54fdcf2bbaa0c1a48b32695c4c2e73 /meta/recipes-devtools/binutils/binutils-cross-canadian_2.24.bb
parent	a4d8015687cf9ddd6ef563e29cf840698f81c099 (diff)
download	poky-1d04721fe8ea1f51e77548fb8d328112ca10eba2.tar.gz

nss: CVE-2013-5606

the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 https://bugzilla.mozilla.org/show_bug.cgi?id=910438 http://hg.mozilla.org/projects/nss/rev/d29898e0981c The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede) (From OE-Core rev: e2c81356f68eb0b77408e73f01df5bc5c9f2adb3) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-support/nss/nss.inc

Diffstat (limited to 'meta/recipes-devtools/binutils/binutils-cross-canadian_2.24.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: