nspr-4.10.10

[Fernando de Oliveira]

• Bug 1205157 (CVE-2015-7183)

...

This issue affects applications that were compiled with or linked against an affected NSPR version; to resolve this issue, affected applications must be recompiled with a non-affected NSPR version.

​https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/nspr-4.10.10.tar.gz

​https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/SHA1SUMS

d90b61d96248577a551bd322199dfa2438941661 nspr-4.10.10.tar.gz

​http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-10-Release-td346822.html

[ANNOUNCE] NSPR 4.10.10 Release
Kai Engert-4
	
The NSPR 4.10.10 release is now available.  The hg tag is
NSPR_4_10_10_RTM.  The source tar file can be downloaded from
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/

Security Advisories

The following security-relevant bugs have been resolved in NSPR 4.10.10.
Users are encouraged to upgrade immediately.

- Bug 1205157 (CVE-2015-7183)

  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

  This issue affects applications that were compiled with or linked
  against an affected NSPR version; to resolve this issue, affected
  applications must be recompiled with a non-affected NSPR version.

NSPR 4.10.10 has the following additional bug fixes:

- Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc 

[Fernando de Oliveira]

Fixed at r16560.

[Fernando de Oliveira]

After I found the announcement, changing Priority to high.