Accepting request 400673 from home:AndreasStieger:branches:mozilla:Factory

CVE-2016-1950 was already fixed in 3.22.3, add there.
Add CVE-2016-2834 to 3.23 section

OBS-URL: https://build.opensuse.org/request/show/400673
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=214

mozilla-nss.changes

@@ -40,11 +40,8 @@ Thu May 26 05:59:03 UTC 2016 - wr@rosenauer.org
   * The following CA certificate had the Email trust bit turned on
     + Actalis Authentication Root CA
   Security fixes:
-  * Fixed a heap-based buffer overflow related to the parsing of
+  * CVE-2016-2834: Memory safety bugs (boo#983639)
-    certain ASN.1 structures. An attacker could create a specially-crafted
+    MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
-    certificate which, when parsed by NSS, would cause a crash or
-    execution of arbitrary code with the permissions of the user.
-    (CVE-2016-1950, bmo#1245528)
 - removed obsolete nss_gcc6_change.patch
 
 -------------------------------------------------------------------
@@ -60,6 +57,11 @@ Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
   * Increase compatibility of TLS extended master secret,
     don't send an empty TLS extension last in the handshake
     (bmo#1243641)
+  * Fixed a heap-based buffer overflow related to the parsing of
+    certain ASN.1 structures. An attacker could create a specially-crafted
+    certificate which, when parsed by NSS, would cause a crash or
+    execution of arbitrary code with the permissions of the user.
+    (CVE-2016-1950, bmo#1245528)
 
 -------------------------------------------------------------------
 Wed Mar  9 15:42:01 UTC 2016 - wr@rosenauer.org