[Buildroot] [PATCH] libnss: security bump to version 3.17.3
Peter Korsgaard
peter at korsgaard.com
Tue Dec 16 22:48:52 UTC 2014
>>>>> "Gustavo" == Gustavo Zacarias <gustavo at zacarias.com.ar> writes:
> Fixes CVE-2014-1569 - The definite_length_decoder function in
> lib/util/quickder.c in Mozilla Network Security Services (NSS) before
> 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding
> of an ASN.1 length is properly formed, which allows remote attackers to
> conduct data-smuggling attacks by using a long byte sequence for an
> encoding.
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list