buildrootschalter

gitolite/buildrootschalter

Fork 0

Commit Graph

Author	SHA1	Message	Date
Baruch Siach	ea7bb05c7b	libnss: don't use target CFLAGS with host toolchain The OPTIMIZER variable is used to construct CFLAGS for host toolchain. This breaks the build since we set it to TARGET_CFLAGS, and these may not be supported by host toolchain. Augment the cross-compile patch to handle OPTIMIZER so that we can initialize it to TARGET_OPTIMIZER, and override it when used with host toolchain. Fixes: http://autobuild.buildroot.net/results/3f1/3f1afc1b58cb6fe53c438b55f169e2a78238806d/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2014-07-01 12:57:02 +02:00
Gustavo Zacarias	286cbaf328	libnss: security bump to version 3.16.1 Fixes: CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1490 - Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2014-06-18 23:58:25 +02:00

Author

SHA1

Message

Date

Baruch Siach

ea7bb05c7b

libnss: don't use target CFLAGS with host toolchain

The OPTIMIZER variable is used to construct CFLAGS for host toolchain.
This breaks the build since we set it to TARGET_CFLAGS, and these may not be
supported by host toolchain. Augment the cross-compile patch to handle
OPTIMIZER so that we can initialize it to TARGET_OPTIMIZER, and override it
when used with host toolchain.

Fixes:
http://autobuild.buildroot.net/results/3f1/3f1afc1b58cb6fe53c438b55f169e2a78238806d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2014-07-01 12:57:02 +02:00

Gustavo Zacarias

286cbaf328

libnss: security bump to version 3.16.1

Fixes:

CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.

CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.

CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.

CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2014-06-18 23:58:25 +02:00

2 Commits