#7041 closed enhancement (fixed)
nspr-4.10.10
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | high | Milestone: | 7.9 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
- Bug 1205157 (CVE-2015-7183)
...
This issue affects applications that were compiled with or linked against an affected NSPR version; to resolve this issue, affected applications must be recompiled with a non-affected NSPR version.
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/nspr-4.10.10.tar.gz
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/SHA1SUMS
d90b61d96248577a551bd322199dfa2438941661 nspr-4.10.10.tar.gz
https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/zKZoFtsDjtk
[ANNOUNCE] NSPR 4.10.10 Release Kai Engert-4 The NSPR 4.10.10 release is now available. The hg tag is NSPR_4_10_10_RTM. The source tar file can be downloaded from https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/ Security Advisories The following security-relevant bugs have been resolved in NSPR 4.10.10. Users are encouraged to upgrade immediately. - Bug 1205157 (CVE-2015-7183) A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory. This issue affects applications that were compiled with or linked against an affected NSPR version; to resolve this issue, affected applications must be recompiled with a non-affected NSPR version. NSPR 4.10.10 has the following additional bug fixes: - Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc
Change History (4)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:3 by , 9 years ago
Description: | modified (diff) |
---|---|
Priority: | normal → high |
After I found the announcement, changing Priority to high.
comment:4 by , 9 years ago
Description: | modified (diff) |
---|
Sorry,
Fixing mail list to original mozilla, actually
https://groups.google.com/forum/#!forum/mozilla.dev.tech.nspr
Fixed at r16560.