File _patchinfo of Package patchinfo.1915

<patchinfo incident="1915">
  <issue id="964332" tracker="bnc">FIPS patches in nss are leaking File descriptors like the cookie monster makes crumbs</issue>
  <issue id="954447" tracker="bnc">apache2-mod_nss: new mozilla nss now supports DHE server side ciphers</issue>
  <issue id="963731" tracker="bnc">VUL-0: CVE-2016-1938: mozilla-nss: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results</issue>
  <issue id="963632" tracker="bnc">VUL-0: CVE-2016-1930: MozillaFirefox: Memory safety bugs fixed in Firefox ESR 38.6 and Firefox 44</issue>
  <issue id="963635" tracker="bnc">VUL-0: CVE-2016-1935: MozillaFirefox: Buffer overflow in WebGL after out of memory allocation</issue>
  <issue id="963520" tracker="bnc">VUL-0: MozillaFirefox 44 / 38.6.0 security release</issue>
  <issue id="CVE-2016-1935" tracker="cve" />
  <issue id="CVE-2016-1938" tracker="cve" />
  <issue id="CVE-2016-1930" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520)

Mozilla Firefox was updated to 38.6.0 ESR.
Mozilla NSS was updated to 3.20.2.

The following vulnerabilities were fixed:

- CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)
- CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)
- CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)

The following improvements were added:

- bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites
- Tracking protection is now enabled by default
- bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code
</description>
  <summary>Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss</summary>
</patchinfo>