mirror of
https://git.yoctoproject.org/poky
synced 2026-03-30 17:02:22 +02:00
9bfb78bff6
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_- ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504 (From OE-Core rev: 832aa4c5a7989636dae3068f508ab2bff8b4ab23) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>