Custom Query (19868 matches)
Results (85 - 87 of 19868)
| Ticket | Owner | Reporter | Resolution | Summary |
|---|---|---|---|---|
| #7490 | fixed | OpenSSL-1.0.2g | ||
| Description |
https://openssl.org/source/openssl-1.0.2g.tar.gz https://openssl.org/news/secadv/20160301.txt Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) Double-free in DSA code (CVE-2016-0705) Memory leak in SRP database lookups (CVE-2016-0798) BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) Fix memory issues in BIO_*printf functions (CVE-2016-0799) Side channel attack on modular exponentiation (CVE-2016-0702) Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) Bleichenbacher oracle in SSLv2 (CVE-2016-0704) |
|||
| #7496 | fixed | firefox-45.0 | ||
| Description |
Dunno if this is too late for 7.9, but it contains the usual crop of security fixes listed at https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/ including the following marked as critical: 2016-37 Font vulnerabilities in the Graphite 2 library 2016-35 Buffer overflow during ASN.1 decoding in NSS (and nss-3.23 is out) 2016-27 Use-after-free during XML transformations 2016-25 Use-after-free when using multiple WebRTC data channels 2016-24 Use-after-free in SetBody 2016-23 Use-after-free in HTML5 string parser 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager |
|||
| #7497 | fixed | nss-3.23 | ||
| Description |
Release notes at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes including: Security Fixes in NSS 3.23 Edit
(no public information on either of those, I assume this matches the nss change in firefox). |
|||
