| #
5661f8d9
|
| 30-Sep-2020 |
Don Lewis <truckman@apache.org> |
Fix handling of NUL characters in certificate fields
A flaw was found in the way Serf handled NUL characters in the CommonName and SubjectAltNames fields of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using Serf (such as Subversion on Fedora 20 and later, refer also to bug 1127063) into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack.
Patch by: Ben Reser of WANdisco via Serf Project and Apache Serf
|
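The bug class named in the commit message above, as an added example that is not Serf's code and not part of this commit: a name field compared as a C string stops at the first NUL, while a length-aware check rejects the field. The function names and sample fields are hypothetical and constructed for illustration; wildcard matching is left out.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive check (the bug class): the field is treated as a C string, so the
   comparison stops at the first NUL and the ASN.1 length is ignored. */
int naive_name_matches(const unsigned char *field, size_t field_len,
                       const char *host)
{
    (void)field_len;
    return strcmp((const char *)field, host) == 0;
}

/* Length-aware check: a field with an embedded NUL never matches, and all
   field_len bytes must equal the host name (ASCII case-insensitive). */
int strict_name_matches(const unsigned char *field, size_t field_len,
                        const char *host)
{
    size_t i;

    if (memchr(field, '\0', field_len) != NULL)
        return 0;
    if (strlen(host) != field_len)
        return 0;
    for (i = 0; i < field_len; i++)
        if (tolower(field[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Constructed sample fields; sizeof - 1 drops the literal's terminator. */
const unsigned char crafted_field[] = "www.example.com\0.example.net";
const size_t crafted_len = sizeof(crafted_field) - 1;
const unsigned char clean_field[] = "www.example.com";
const size_t clean_len = sizeof(clean_field) - 1;

int main(void)
{
    const char *host = "www.example.com";
    printf("naive,  crafted: %d\n", naive_name_matches(crafted_field, crafted_len, host));
    printf("strict, crafted: %d\n", strict_name_matches(crafted_field, crafted_len, host));
    printf("strict, clean:   %d\n", strict_name_matches(clean_field, clean_len, host));
    return 0;
}
```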