Bug 848984 - <dev-libs/nss-{3.68.4, 3.79}: Multiple vulnerabilities
Summary: <dev-libs/nss-{3.68.4, 3.79}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 849347
Blocks:
Reported: 2022-06-01 09:39 UTC by Sam James
Modified: 2022-12-19 02:31 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 09:39:29 UTC
From release notes:
"""
This release fixes memory safety violations that can occur when parsing CMS data. We presume that with enough effort these memory safety violations are exploitable.
"""
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 09:39:40 UTC
Please stable when ready.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-04 16:06:51 UTC
Please cleanup
Comment 3 Larry the Git Cow gentoo-dev 2022-06-05 06:18:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee8a8e476ad9d6c92c003cc7fa62d1c93b39e34

commit 1ee8a8e476ad9d6c92c003cc7fa62d1c93b39e34
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-06-05 06:13:26 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-06-05 06:18:35 +0000

    dev-libs/nss: security cleanup
    
    Bug: https://bugs.gentoo.org/848984
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.68.3.ebuild | 362 -----------------------------------------
 dev-libs/nss/nss-3.78.ebuild   | 361 ----------------------------------------
 3 files changed, 725 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-22 18:12:02 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-12-19 02:05:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=300d0a6989f134e6228f91cb9ea405db485ee8f0

commit 300d0a6989f134e6228f91cb9ea405db485ee8f0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-19 02:01:58 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:04:29 +0000

    [ GLSA 202212-05 ] Mozilla Network Security Service (NSS): Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/827946
    Bug: https://bugs.gentoo.org/836386
    Bug: https://bugs.gentoo.org/848984
    Bug: https://bugs.gentoo.org/877169
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-05.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 02:31:50 UTC
GLSA released, all done.