---
- branch: pkgsrc-2015Q3
  date: Thu Nov 19 20:39:15 UTC 2015
  files:
  - new: 1.100.2.1
    old: '1.100'
    path: pkgsrc/devel/nss/Makefile
    pathrev: pkgsrc/devel/nss/Makefile@1.100.2.1
    type: modified
  - new: 1.50.2.1
    old: '1.50'
    path: pkgsrc/devel/nss/distinfo
    pathrev: pkgsrc/devel/nss/distinfo@1.50.2.1
    type: modified
  id: 20151119T203915Z.e9c79b281be1188d3429fc8adc64458471357955
  log: "Pullup ticket #4853 - requested by he\ndevel/nss: security fix\n\nRevisions
    pulled up:\n- devel/nss/Makefile                                            1.103\n-
    devel/nss/distinfo                                            1.52\n\n---\n   Module
    Name:\tpkgsrc\n   Committed By:\tryoon\n   Date:\t\tTue Nov  3 16:55:07 UTC 2015\n\n
    \  Modified Files:\n   \tpkgsrc/devel/nss: Makefile distinfo\n\n   Log Message:\n
    \  Update to 3.20.1\n\n   Changelog:\n   The following security-relevant bugs
    have been resolved in NSS 3.20.1.\n   Users are encouraged to upgrade immediately.\n\n
    \  * Bug 1192028 (CVE-2015-7181) and\n     Bug 1202868 (CVE-2015-7182):\n     Several
    issues existed within the ASN.1 decoder used by NSS for handling\n     streaming
    BER data. While the majority of NSS uses a separate, unaffected\n     DER decoder,
    several public routines also accept BER data, and thus are\n     affected. An
    attacker that successfully exploited these issues can overflow\n     the heap
    and may be able to obtain remote code execution.\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2015Q3] pkgsrc/devel/nss'
  unixtime: '1447965555'
  user: bsiegert