Summary: | <dev-libs/nspr-4.10.10, <dev-libs/nss-3.20.1: use-after-poison, buffer overflow, integer overflow (CVE-2015-{7181,7182,7183}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arm64, m68k, mischief, mozilla, s390, sh+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/ | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2015-11-03 20:19:00 UTC
Ebuilds for both packages are in the tree now. Arches, please stabilize: dev-libs/nspr-4.10.10 dev-libs/nss-3.20.1 amd64 stable x86 stable Stable for HPPA PPC64. ppc stable arm stable alpha stable ia64 stable sparc stable Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). It has been 30 days since last request. Maintainer(s), please drop the vulnerable version(s). This issue was resolved and addressed in GLSA 201605-06 at https://security.gentoo.org/glsa/201605-06 by GLSA coordinator Yury German (BlueKnight). |