CVE-2014-3522

Priority
Medium
Description
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted certificate.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (1.7.10,1.8.10)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.6.17dfsg-3ubuntu3.4)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.8.8-1ubuntu3.1)
Patches:
Upstream:https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1615214 (1.7.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1615215 (1.7.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1615204 (1.8.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1615212 (1.8.x)
More Information

Updated: 2015-07-29 20:42:35 UTC (commit 9756)