oss-sec mailing list archives
Re: CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 1 Dec 2021 09:11:15 -0800
On 12/1/21 8:43 AM, Dennis Jackson wrote:
> Remediation:
> NSS 3.73 [1] and NSS ESR 3.68.1 [2] have been released and contain the fix. A patch suitable for backporting is also attached (patch.diff).
>
> Acknowledgements:
> This vulnerability was reported to the NSS team by Tavis Ormandy of Project Zero.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2237 states that "It's been 30 days since the initial thunderbird patches have been released".

Is there a corresponding Thunderbird patch/advisory/release distros should be shipping as well?

--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris