subversion: Security Advisory - subversion - CVE-2014-3522 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Yue Tao <Yue.Tao@windriver.com>	2014-10-22 03:37:28 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-04 10:19:53 +0000
commit	06a33cd00ea11abec1ebe9d5883e44778075ccc6 (patch)
tree	69ed9389a6011d7ea1251bbfc2d9c6e6f6b0e326 /meta/recipes-devtools/insserv
parent	ffc1c58809a2f5fef13484613d1b57c2d4c5ebfb (diff)
download	openembedded-core-contrib-06a33cd00ea11abec1ebe9d5883e44778075ccc6.tar.gz

subversion: Security Advisory - subversion - CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.<a href=http://cwe.mitre.org/data/definitions/297.html target=_blank>CWE-297: Improper Validation of Certificate with Host Mismatch</a> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>

Diffstat (limited to 'meta/recipes-devtools/insserv')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: