Searched hist:"5661 f8d9" (Results 1 – 2 of 2) sorted by relevance
/aoo41x/ext_libraries/serf/ |
H A D | NULbytes.patch | 5661f8d9 Wed Sep 30 05:02:50 UTC 2020 Don Lewis <truckman@apache.org> Fix handling of NUL characters in certificate fields A flaw was found in the way Serf handled NUL characters in the CommonName and SubjectAltNames fields of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using Serf (such as Subversion on Fedora 20 and later, refer also to bug 1127063) into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. Patch by: Ben Reser of WANdisco via Serf Project and Apache Serf
|
H A D | makefile.mk | diff 5661f8d9 Wed Sep 30 05:02:50 UTC 2020 Don Lewis <truckman@apache.org> Fix handling of NUL characters in certificate fields A flaw was found in the way Serf handled NUL characters in the CommonName and SubjectAltNames fields of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using Serf (such as Subversion on Fedora 20 and later, refer also to bug 1127063) into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. Patch by: Ben Reser of WANdisco via Serf Project and Apache Serf
|
Completed in 24 milliseconds