Bug 701840 (CVE-2019-11745)

Summary:	<dev-libs/nss-3.47.1: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	mozilla
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A3 [glsa+ cve]
Package list:	dev-libs/nss-3.47.1	Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2019-12-02 23:21:35 UTC

CVE-2019-11745 (https://nvd.nist.gov/vuln/detail/CVE-2019-11745):
  Out-of-bounds write when passing an output buffer smaller than the block
  size to NSC_EncryptUpdate.

Comment 1 Aaron Bauman Gentoo Infrastructure

2019-12-03 01:54:24 UTC

arm64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2019-12-03 10:04:08 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2019-12-03 10:07:11 UTC

x86 stable

Comment 4 Agostino Sarubbo gentoo-dev

2019-12-03 10:08:46 UTC

sparc stable

Comment 5 Agostino Sarubbo gentoo-dev

2019-12-03 11:57:16 UTC

ia64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2019-12-03 11:58:39 UTC

ppc64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2019-12-10 10:55:02 UTC

ppc stable

Comment 8 Rolf Eike Beer archtester

2019-12-10 19:51:38 UTC

hppa stable

Comment 9 Thomas Deutschmann gentoo-dev

2020-03-15 15:33:39 UTC

Added to an existing GLSA.

Comment 10 GLSAMaker/CVETool Bot gentoo-dev

2020-03-16 21:19:40 UTC

This issue was resolved and addressed in
 GLSA 202003-37 at https://security.gentoo.org/glsa/202003-37
by GLSA coordinator Thomas Deutschmann (whissi).