[Buildroot] [PATCH 2/2] libnss: security bump to version 3.33
Peter Korsgaard
peter at korsgaard.com
Sun Oct 15 21:04:53 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
> Network Security Service library, is prone to a use-after-free vulnerability
> in the TLS 1.2 implementation when handshake hashes are generated. A remote
> attacker can take advantage of this flaw to cause an application using the
> nss library to crash, resulting in a denial of service, or potentially to
> execute arbitrary code.
> Also add a hash for the license file while we're at it.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list