
Searched hist:"5661 f8d9" (Results 1 – 2 of 2) sorted by relevance

/aoo41x/ext_libraries/serf/
NULbytes.patch 5661f8d9 Wed Sep 30 05:02:50 UTC 2020 Don Lewis <truckman@apache.org> Fix handling of NUL characters in certificate fields

A flaw was found in the way Serf handled NUL characters in the CommonName
and SubjectAltNames fields of X.509 certificates. An attacker able to
get a carefully-crafted certificate signed by a trusted Certificate
Authority could trick applications using Serf (such as Subversion on
Fedora 20 and later, refer also to bug 1127063) into accepting it by
mistake, allowing the attacker to perform a man-in-the-middle attack.

Patch by: Ben Reser of WANdisco via Serf Project and Apache Serf
makefile.mk 5661f8d9 Wed Sep 30 05:02:50 UTC 2020 Don Lewis <truckman@apache.org> Fix handling of NUL characters in certificate fields

