[Buildroot] [PATCH] libnss: security bump to version 3.17.3

Peter Korsgaard peter at korsgaard.com
Tue Dec 16 22:48:52 UTC 2014


>>>>> "Gustavo" == Gustavo Zacarias <gustavo at zacarias.com.ar> writes:

 > Fixes CVE-2014-1569 - The definite_length_decoder function in
 > lib/util/quickder.c in Mozilla Network Security Services (NSS) before
 > 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding
 > of an ASN.1 length is properly formed, which allows remote attackers to
 > conduct data-smuggling attacks by using a long byte sequence for an
 > encoding.

 > Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list