Accepting request 400673 from home:AndreasStieger:branches:mozilla:Factory

CVE-2016-1950 was already fixed in 3.22.3, add there. Add CVE-2016-2834 to 3.23 section OBS-URL: https://build.opensuse.org/request/show/400673 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=214
2016-06-08 12:57:14 +00:00 · 2016-06-08 12:57:14 +00:00 · ec6a54a194
commit ec6a54a194
parent 0761a83e02
1 changed files with 7 additions and 5 deletions
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@ -40,11 +40,8 @@ Thu May 26 05:59:03 UTC 2016 - wr@rosenauer.org
  * The following CA certificate had the Email trust bit turned on
    + Actalis Authentication Root CA
  Security fixes:
-  * Fixed a heap-based buffer overflow related to the parsing of
-    certain ASN.1 structures. An attacker could create a specially-crafted
-    certificate which, when parsed by NSS, would cause a crash or
-    execution of arbitrary code with the permissions of the user.
-    (CVE-2016-1950, bmo#1245528)
+  * CVE-2016-2834: Memory safety bugs (boo#983639)
+    MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
 - removed obsolete nss_gcc6_change.patch

 -------------------------------------------------------------------
@ -60,6 +57,11 @@ Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
  * Increase compatibility of TLS extended master secret,
    don't send an empty TLS extension last in the handshake
    (bmo#1243641)
+  * Fixed a heap-based buffer overflow related to the parsing of
+    certain ASN.1 structures. An attacker could create a specially-crafted
+    certificate which, when parsed by NSS, would cause a crash or
+    execution of arbitrary code with the permissions of the user.
+    (CVE-2016-1950, bmo#1245528)

 -------------------------------------------------------------------
 Wed Mar  9 15:42:01 UTC 2016 - wr@rosenauer.org