Overview

File _patchinfo of Package patchinfo.2046

<patchinfo>
  <issue id="842979" tracker="bnc">mozilla-nss 3.15.2 security fix (CVE-2013-1739)</issue>
  <issue id="CVE-2013-1739" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>wrosenauer</packager>
  <description>
Mozilla NSS was updated to 3.15.2 (bnc#842979)
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP
  or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before
  the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption
  failure. (CVE-2013-1739)
</description>
  <summary>update for mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places