(MFSA 2015-70/CVE-2015-4000)

* NSS incorrectly permits skipping of ServerKeyExchange (bmo#1086145) (MFSA 2015-71/CVE-2015-2721) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=187
2015-07-03 05:51:39 +00:00 · 2015-07-03 05:51:39 +00:00 · 11da47024a
commit 11da47024a
parent 440894e094
1 changed files with 3 additions and 0 deletions
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@ -33,11 +33,14 @@ Sun May 31 13:22:47 UTC 2015 - wr@rosenauer.org
  * The minimum strength of keys that libssl will accept for
    finite field algorithms (RSA, Diffie-Hellman, and DSA) have
    been increased to 1023 bits (bmo#1138554).
+    (MFSA 2015-70/CVE-2015-4000)
  * NSS reports the bit length of keys more accurately.  Thus,
    the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
    functions could report smaller values for values that have
    leading zero values. This affects the key strength values that
    are reported by SSL_GetChannelInfo.
+  * NSS incorrectly permits skipping of ServerKeyExchange
+    (bmo#1086145) (MFSA 2015-71/CVE-2015-2721)

 -------------------------------------------------------------------
 Sat May 23 07:36:27 UTC 2015 - wr@rosenauer.org