deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

libnss: security bump to version 3.22.2

Browse source 
Fixes:
CVE-2016-1950 - heap-based buffer overflow related to the parsing of
certain ASN.1 structures. An attacker could create a specially-crafted
certificate which, when parsed by NSS, would cause a crash or execution
of arbitrary code with the permissions of the user.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2016-03-09 08:41:20 -03:00 committed by Peter Korsgaard
parent c6e635735d
commit 09f0b8c353
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package/libnss/libnss.hash
View file

@ -1,2 +1,2 @@
# From https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_1_RTM/src/SHA256SUMS
sha256 89e1fc7074e5c325962821289f4cd7d8207ae95af2308ba881215ed9ca68fa4f nss-3.22.1.tar.gz
# From https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_2_RTM/src/SHA256SUMS
sha256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 nss-3.22.2.tar.gz

2
package/libnss/libnss.mk
View file

@ -4,7 +4,7 @@
#
################################################################################
LIBNSS_VERSION = 3.22.1
LIBNSS_VERSION = 3.22.2
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist