Opened 8 years ago
Closed 8 years ago
Last modified 8 years ago
#7041 closed enhancement (fixed)
|Reported by:||Fernando de Oliveira||Owned by:||Fernando de Oliveira|
Description (last modified by )
- Bug 1205157 (CVE-2015-7183)
This issue affects applications that were compiled with or linked against an affected NSPR version; to resolve this issue, affected applications must be recompiled with a non-affected NSPR version.
[ANNOUNCE] NSPR 4.10.10 Release Kai Engert-4 The NSPR 4.10.10 release is now available. The hg tag is NSPR_4_10_10_RTM. The source tar file can be downloaded from https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/ Security Advisories The following security-relevant bugs have been resolved in NSPR 4.10.10. Users are encouraged to upgrade immediately. - Bug 1205157 (CVE-2015-7183) A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory. This issue affects applications that were compiled with or linked against an affected NSPR version; to resolve this issue, affected applications must be recompiled with a non-affected NSPR version. NSPR 4.10.10 has the following additional bug fixes: - Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc
Change History (4)
comment:1 by , 8 years ago
|Status:||new → assigned|
comment:2 by , 8 years ago
|Status:||assigned → closed|
comment:3 by , 8 years ago
|Priority:||normal → high|
After I found the announcement, changing Priority to high.
comment:4 by , 8 years ago
Fixing mail list to original mozilla, actually
Fixed at r16560.