libnss: security bump to version 3.20.1
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Mon, 9 Nov 2015 12:49:43 +0000 (09:49 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 9 Nov 2015 21:09:02 +0000 (22:09 +0100)
commitc02f2606cf576cbeff088f5ffd3521783d16516c
tree3ebe5694e7e8b5ac450c23b69c7c1241d0a1591f
parent29206817d00f8a00991be771fc3db456b5881597
libnss: security bump to version 3.20.1

Fixes:
CVE-2015-7181 - A use-after-poison flaw was found in the way NSS parsed
certain ASN.1 structures. An attacker could use this flaw to cause NSS
to crash or execute arbitrary code with the permissions of the user
running an application compiled against the NSS library.
CVE-2015-7182 - A heap-based buffer overflow flaw was found in the way
NSS parsed certain ASN.1 structures. An attacker could use this flaw to
cause NSS to crash or execute arbitrary code with the permissions of the
user running an application compiled against the NSS library.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libnss/libnss.hash
package/libnss/libnss.mk