[Secure-testing-commits] r40631 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Tue Mar 29 15:38:02 UTC 2016
Author: anarcat
Date: 2016-03-29 15:38:02 +0000 (Tue, 29 Mar 2016)
New Revision: 40631
Modified:
data/CVE/list
Log:
Summary: clarify NSS patches for CVE-2015-7575
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-29 15:11:18 UTC (rev 40630)
+++ data/CVE/list 2016-03-29 15:38:02 UTC (rev 40631)
@@ -13932,6 +13932,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
NOTE: http://www.mitls.org/pages/attacks/SLOTH
NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef
+ NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
+ NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)
CVE-2015-7574
RESERVED
More information about the Secure-testing-commits
mailing list