
Bug 848984

Summary: <dev-libs/nss-{3.68.4, 3.79}: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 849347    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 09:39:29 UTC
From release notes:
"""
This release fixes memory safety violations that can occur when parsing CMS data. We presume that with enough effort these memory safety violations are exploitable.
"""
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 09:39:40 UTC
Please stable when ready.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-04 16:06:51 UTC
Please clean up.
Comment 3 Larry the Git Cow gentoo-dev 2022-06-05 06:18:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee8a8e476ad9d6c92c003cc7fa62d1c93b39e34

commit 1ee8a8e476ad9d6c92c003cc7fa62d1c93b39e34
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-06-05 06:13:26 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-06-05 06:18:35 +0000

    dev-libs/nss: security cleanup
    
    Bug: https://bugs.gentoo.org/848984
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.68.3.ebuild | 362 -----------------------------------------
 dev-libs/nss/nss-3.78.ebuild   | 361 ----------------------------------------
 3 files changed, 725 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-22 18:12:02 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-12-19 02:05:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=300d0a6989f134e6228f91cb9ea405db485ee8f0

commit 300d0a6989f134e6228f91cb9ea405db485ee8f0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-19 02:01:58 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:04:29 +0000

    [ GLSA 202212-05 ] Mozilla Network Security Service (NSS): Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/827946
    Bug: https://bugs.gentoo.org/836386
    Bug: https://bugs.gentoo.org/848984
    Bug: https://bugs.gentoo.org/877169
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-05.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 02:31:50 UTC
GLSA released, all done.