From https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
Impact: critical
Description: An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 45.9 has been updated with NSS version 3.21.4.
3.21.x has long been dropped from the Gentoo repo; however, I don't know what other versions of NSS may be affected. The CVE hasn't actually been filed yet, so I guess we will have to wait.
Right, keep in mind that the NSS version schema is complicated, i.e. just because 3.28.1 is higher than 3.21.4, you cannot be sure that it contains all the fixes from 3.21.4. So yes, we have to wait for more information.
Addressed in >=dev-libs/nss-3.29.5 and >=dev-libs/nss-3.30.1
Arches, please stabilize dev-libs/nss-3.29.5 for target KEYWORDS="alpha amd64 arm arm64 hppa ia64 ppc ppc64"
Stable on alpha.
Stable for HPPA.
amd64 stable
x86 stable
sparc stable
ppc stable
ppc64 stable
Remaining arches are not part of security supported architectures, please stabilize when you have a chance. New GLSA Request filed.
arm stable
This issue was resolved and addressed in GLSA 201705-04 at https://security.gentoo.org/glsa/201705-04 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for ia64 and cleanup.
ia64 please stabilize or move to ~ia64
Maintainer(s), please drop the vulnerable version(s).
ia64 stable. Maintainer(s), please cleanup.
Maintainer(s), please drop the vulnerable version(s).
commit d20959fb60e5947f9dab5874e9ac52314b7fb542
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Wed Jul 5 11:22:52 2017

    dev-libs/nss: Security cleanup for bug #616032
(In reply to Lars Wendler (Polynomial-C) from comment #18)
> commit d20959fb60e5947f9dab5874e9ac52314b7fb542
> Author: Lars Wendler <polynomial-c@gentoo.org>
> Date: Wed Jul 5 11:22:52 2017
>
> dev-libs/nss: Security cleanup for bug #616032
Thank you.