Opened 23 months ago
Closed 23 months ago
#16613 closed enhancement (fixed)
nss-3.79
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Now available (also 3.68.4, shipped in ff-91.10.0esr and 3.78.1 shipped in ff-101.0)
The bugs noted in the release note for 3.78.1 (shipped in 101.0) were
- Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
Both of those are not public, so probably security related.
I found the release notes for 3.79 at https://hg.mozilla.org/projects/nss/rev/9b260a9d5cb0d3e82c471336952688a82dc5cece, which references those two bugs and several others.
- Bug 205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Bug 1766907 - Update mercurial in clang-format docker image.
- Bug 1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- Bug 1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Bug 1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Bug 1764788 - Correct invalid record inner and outer content type alerts.
- Bug 1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- Bug 1769302 - NSS 3.79 should depend on NSPR 4.34
Note:
See TracTickets
for help on using tickets.
Fixed in 71e36c79878dc6f20779655b1a966a810561445d 11.1-612 Security Advisory SA 11.1-055