diff options
author | Bernard Spil <brnrd@FreeBSD.org> | 2021-12-02 13:58:50 +0000 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2021-12-02 13:58:50 +0000 |
commit | 30e0367d305e770dd0d89a8e2c917470271a5167 (patch) | |
tree | 02b1c16162852675b24cc6601a46ab2768e6b683 /security/vuxml | |
parent | 9e662dabb3b399ddf2735a2a9d57597721d36959 (diff) | |
download | ports-30e0367d305e770dd0d89a8e2c917470271a5167.tar.gz ports-30e0367d305e770dd0d89a8e2c917470271a5167.zip |
security/vuxml: Record NSS vulnerability
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln-2021.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 5eff6e567470..21a5edac66a7 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,36 @@ + <vuln vid="47695a9c-5377-11ec-8be6-d4c9ef517024"> + <topic>NSS -- Memory corruption</topic> + <affects> + <package> + <name>nss</name> + <range><lt>3.73</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla project reports:</p> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/"> + <p>Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical)</p> + <p>NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR + are vulnerable to a heap overflow when handling DER-encoded DSA or + RSA-PSS signatures. Applications using NSS for handling signatures + encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be + impacted. Applications using NSS for certificate validation or other + TLS, X.509, OCSP or CRL functionality may be impacted, depending on + how they configure NSS.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-43527</cvename> + <url>https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/</url> + </references> + <dates> + <discovery>2021-12-01</discovery> + <entry>2021-12-02</entry> + </dates> + </vuln> + <vuln vid="0d6efbe3-52d9-11ec-9472-e3667ed6088e"> <topic>mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page</topic> <affects> |