summaryrefslogtreecommitdiffstats
path: root/scripts/native-intercept
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2014-07-28 02:50:42 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-07-29 09:58:27 +0100
commit21b1cd1c24166afbe3fb9bfc4936d917d366df10 (patch)
treefaa43325cdf4fd8e3550d085bbc7097221d2ca7f /scripts/native-intercept
parent0685207d43b1bb7ad8be21e14c0f543070c9efcf (diff)
downloadpoky-21b1cd1c24166afbe3fb9bfc4936d917d366df10.tar.gz
nss: CVE-2013-5606
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 https://bugzilla.mozilla.org/show_bug.cgi?id=910438 http://hg.mozilla.org/projects/nss/rev/d29898e0981c The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/native-intercept')
0 files changed, 0 insertions, 0 deletions