Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 84534A669A for ; Thu, 19 Nov 2015 20:39:17 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 30C8D14A215; Thu, 19 Nov 2015 20:39:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 767AE14A210 for ; Thu, 19 Nov 2015 20:39:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Lqih_QcTrNay for ; Thu, 19 Nov 2015 20:39:16 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 056CD14A20E for ; Thu, 19 Nov 2015 20:39:16 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id F407A98; Thu, 19 Nov 2015 20:39:15 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Thu, 19 Nov 2015 20:39:15 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2015Q3] pkgsrc/devel/nss To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20151119203915.F407A98@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: bsiegert Date: Thu Nov 19 20:39:15 UTC 2015 Modified Files: pkgsrc/devel/nss [pkgsrc-2015Q3]: Makefile distinfo Log Message: Pullup ticket #4853 - requested by he devel/nss: security fix Revisions pulled up: - devel/nss/Makefile 1.103 - devel/nss/distinfo 1.52 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 3 16:55:07 UTC 2015 Modified Files: pkgsrc/devel/nss: Makefile distinfo Log Message: Update to 3.20.1 Changelog: The following security-relevant bugs have been resolved in NSS 3.20.1. Users are encouraged to upgrade immediately. * Bug 1192028 (CVE-2015-7181) and Bug 1202868 (CVE-2015-7182): Several issues existed within the ASN.1 decoder used by NSS for handling streaming BER data. While the majority of NSS uses a separate, unaffected DER decoder, several public routines also accept BER data, and thus are affected. An attacker that successfully exploited these issues can overflow the heap and may be able to obtain remote code execution. To generate a diff of this commit: cvs rdiff -u -r1.100 -r1.100.2.1 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.50 -r1.50.2.1 pkgsrc/devel/nss/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.