summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2014-11-21 01:02:05 -0500
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-11-21 16:50:48 +0000
commit9bfb78bff606700176909abaa5cf8a332292738a (patch)
tree82d676ad52adfc65ccb6ff21b021e74b4547a083 /scripts
parentcccad8c33ff3bc3a1973445b48ed29c9bdefa5ea (diff)
downloadpoky-9bfb78bff606700176909abaa5cf8a332292738a.tar.gz
serf: uprev to 1.3.7 for fixing CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_- ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504 (From OE-Core rev: 832aa4c5a7989636dae3068f508ab2bff8b4ab23) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-24 23:11:00 +0000