* [PATCH 0/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504
@ 2014-11-21 6:02 wenzong.fan
2014-11-21 6:02 ` [PATCH 1/1][Dizzy] " wenzong.fan
0 siblings, 1 reply; 2+ messages in thread
From: wenzong.fan @ 2014-11-21 6:02 UTC (permalink / raw)
To: openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
The following changes since commit 081fddd3e464935e5f438a7686eb8f8856da6281:
bitbake: data_smart.py: fix variable splitting at _remove mechanism (2014-11-19 10:46:41 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/dizzy
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/dizzy
Wenzong Fan (1):
serf: uprev to 1.3.7 for fixing CVE-2014-3504
.../serf/{serf_1.3.6.bb => serf_1.3.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} (82%)
--
1.7.9.5
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 1/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504
2014-11-21 6:02 [PATCH 0/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504 wenzong.fan
@ 2014-11-21 6:02 ` wenzong.fan
0 siblings, 0 replies; 2+ messages in thread
From: wenzong.fan @ 2014-11-21 6:02 UTC (permalink / raw)
To: openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../serf/{serf_1.3.6.bb => serf_1.3.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-support/serf/{serf_1.3.6.bb => serf_1.3.7.bb} (82%)
diff --git a/meta/recipes-support/serf/serf_1.3.6.bb b/meta/recipes-support/serf/serf_1.3.7.bb
similarity index 82%
rename from meta/recipes-support/serf/serf_1.3.6.bb
rename to meta/recipes-support/serf/serf_1.3.7.bb
index 08b04d3..5230ef7 100644
--- a/meta/recipes-support/serf/serf_1.3.6.bb
+++ b/meta/recipes-support/serf/serf_1.3.7.bb
@@ -1,8 +1,8 @@
-SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.6.tar.bz2 \
+SRC_URI = "http://serf.googlecode.com/svn/src_releases/serf-1.3.7.tar.bz2 \
file://norpath.patch"
-SRC_URI[md5sum] = "7fe38fa6eab078e0beabf291d8e4995d"
-SRC_URI[sha256sum] = "ca637beb0399797d4fc7ffa85e801733cd9c876997fac4a4fd12e9afe86563f2"
+SRC_URI[md5sum] = "0a6fa745df4517dd8f79c75c538919bc"
+SRC_URI[sha256sum] = "ecccb74e665e6ea7539271e126a21d0f7eeddfeaa8ce090adb3aec6682f9f0ae"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
--
1.7.9.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-11-21 6:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-21 6:02 [PATCH 0/1][Dizzy] serf: uprev to 1.3.7 for fixing CVE-2014-3504 wenzong.fan
2014-11-21 6:02 ` [PATCH 1/1][Dizzy] " wenzong.fan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox