diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2014-11-21 01:02:05 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-21 16:50:48 +0000 |
commit | 9bfb78bff606700176909abaa5cf8a332292738a (patch) | |
tree | 82d676ad52adfc65ccb6ff21b021e74b4547a083 /scripts | |
parent | cccad8c33ff3bc3a1973445b48ed29c9bdefa5ea (diff) | |
download | poky-9bfb78bff606700176909abaa5cf8a332292738a.tar.gz |
serf: uprev to 1.3.7 for fixing CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
(From OE-Core rev: 832aa4c5a7989636dae3068f508ab2bff8b4ab23)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions