]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f9d7407) | patch
nss: CVE-2013-5606
authorLi Wang <li.wang@windriver.com>
Mon, 28 Jul 2014 06:50:42 +0000 (02:50 -0400)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 29 Jul 2014 08:56:54 +0000 (09:56 +0100)
commit1e153b1b21276d56144add464d592cd7b96a4ede
treeb9c48bab8c2dd3b759658a8441c70cec5ecce935tree | snapshot
parentf9d7407e54f1fa3d3a316a5bbb8b80665e6f03fdcommit | diff
nss: CVE-2013-5606

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c

The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/nss/files/nss-CVE-2013-5606.patch [new file with mode: 0644] blob
meta/recipes-support/nss/nss.inc diff | blob | history
Mirror of the official openembedded-core repository