./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2015Q3, Version: 3.20.1, Package name: nss-3.20.1, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[devel/nspr] [databases/sqlite3]

Master sites: (Expand)

SHA1: 6f123d05a8184cdc5ab4c903250f3c9b5b96dea4
RMD160: f7cd3b4d84ecad80c22126db49ce46cff1d64d42
Filesize: 6795.855 KB

Version history: (Expand)

CVS history: (Expand)


   2015-11-19 21:39:15 by Benny Siegert | Files touched by this commit (2) 
Log message:
Pullup ticket #4853 - requested by he
devel/nss: security fix

Revisions pulled up:
- devel/nss/Makefile                                            1.103
- devel/nss/distinfo                                            1.52

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Tue Nov  3 16:55:07 UTC 2015

   Modified Files:
   	pkgsrc/devel/nss: Makefile distinfo

   Log message:
   Update to 3.20.1

   Changelog:
   The following security-relevant bugs have been resolved in NSS 3.20.1.
   Users are encouraged to upgrade immediately.

   * Bug 1192028 (CVE-2015-7181) and
     Bug 1202868 (CVE-2015-7182):
     Several issues existed within the ASN.1 decoder used by NSS for handling
     streaming BER data. While the majority of NSS uses a separate, unaffected
     DER decoder, several public routines also accept BER data, and thus are
     affected. An attacker that successfully exploited these issues can overflow
     the heap and may be able to obtain remote code execution.