From ec6a54a194ea612f5ea195cdf5b41629841424c52a7673fdae7638894331531e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 8 Jun 2016 12:57:14 +0000 Subject: [PATCH] Accepting request 400673 from home:AndreasStieger:branches:mozilla:Factory CVE-2016-1950 was already fixed in 3.22.3, add there. Add CVE-2016-2834 to 3.23 section OBS-URL: https://build.opensuse.org/request/show/400673 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=214 --- mozilla-nss.changes | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/mozilla-nss.changes b/mozilla-nss.changes index fabb816..38b4416 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -40,11 +40,8 @@ Thu May 26 05:59:03 UTC 2016 - wr@rosenauer.org * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: - * Fixed a heap-based buffer overflow related to the parsing of - certain ASN.1 structures. An attacker could create a specially-crafted - certificate which, when parsed by NSS, would cause a crash or - execution of arbitrary code with the permissions of the user. - (CVE-2016-1950, bmo#1245528) + * CVE-2016-2834: Memory safety bugs (boo#983639) + MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - removed obsolete nss_gcc6_change.patch ------------------------------------------------------------------- 
@@ -60,6 +57,11 @@ Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) + * Fixed a heap-based buffer overflow related to the parsing of + certain ASN.1 structures. An attacker could create a specially-crafted + certificate which, when parsed by NSS, would cause a crash or + execution of arbitrary code with the permissions of the user. + (CVE-2016-1950, bmo#1245528) ------------------------------------------------------------------- Wed Mar 9 15:42:01 UTC 2016 - wr@rosenauer.org
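Review bot: In the first hunk (@@ -40,11 +40,8 @@), the new "Security fixes:" entry "CVE-2016-2834: Memory safety bugs (boo#983639)" tells a reader much less than the entry it replaces, which named the bug class, the trigger and the impact. The four bmo references on the following line are listed without saying what each one covers, so someone triaging this update cannot tell from the changelog which code paths are affected or how urgent it is. Consider a short sub-item per bmo number, or at least one sentence on impact. The new entry also leads with the CVE id, while the relocated CVE-2016-1950 entry keeps its id in trailing parentheses. Picking one form makes the changelog easier to search for CVE ids.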
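Review bot: In the second hunk (@@ -60,6 +57,11 @@), the CVE-2016-1950 text is appended directly after the "Increase compatibility of TLS extended master secret" item with no "Security fixes:" label, unlike the section edited in the first hunk, so a heap-based buffer overflow with possible code execution reads as one more compatibility note. Suggest putting it under the same label used in the other section. The entry also carries only bmo#1245528, while the new CVE-2016-2834 entry has a boo# reference. Add the matching boo# here if one exists so that both CVEs can be tracked the same way. The visible context shows only the "Tue Mar 15 10:25:38 UTC 2016" header and not the version line, so please confirm that this is the 3.22.3 entry the commit message refers to.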