diff options
author | Li Wang <li.wang@windriver.com> | 2014-07-28 02:50:42 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-09-29 11:51:25 +0100 |
commit | e2c81356f68eb0b77408e73f01df5bc5c9f2adb3 (patch) | |
tree | 1fc7d11d2e0d301aa1d72f59f06181f60ee44727 /meta/recipes-support/nss/nss.inc | |
parent | 592f0dccaf1985194f40fc019a9d33b9623df37f (diff) | |
download | openembedded-core-e2c81356f68eb0b77408e73f01df5bc5c9f2adb3.tar.gz |
nss: CVE-2013-5606
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c
The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.
(From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/nss/nss.inc
Diffstat (limited to 'meta/recipes-support/nss/nss.inc')
-rw-r--r-- | meta/recipes-support/nss/nss.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 5afd63914b..ce7d4a4b27 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -20,6 +20,8 @@ SRC_URI = "\ file://nss-3.15.1-fix-CVE-2013-5605.patch \ file://nss-CVE-2014-1492.patch \ file://nss-CVE-2013-1740.patch \ + file://nss-3.15.1-fix-CVE-2013-1739.patch \ + file://nss-CVE-2013-5606.patch \ " SRC_URI_append_class-target = "\ file://nss.pc.in \ |