]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 592f0dc) | patch
nss: CVE-2013-5606
authorLi Wang <li.wang@windriver.com>
Mon, 28 Jul 2014 06:50:42 +0000 (02:50 -0400)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 29 Sep 2014 10:51:25 +0000 (11:51 +0100)
commite2c81356f68eb0b77408e73f01df5bc5c9f2adb3
tree1fc7d11d2e0d301aa1d72f59f06181f60ee44727tree | snapshot
parent592f0dccaf1985194f40fc019a9d33b9623df37fcommit | diff
nss: CVE-2013-5606

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c

The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.

(From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/nss/nss.inc
meta/recipes-support/nss/files/nss-CVE-2013-5606.patch [new file with mode: 0644] blob
meta/recipes-support/nss/nss.inc diff | blob | history
Mirror of the official openembedded-core repository