From: GNU bug Tracking System
Subject: bug#61573: closed (Arbitrary memory write vulnerability in NSS CVE-2023-0767)
Date: Tue, 21 Feb 2023 13:26:01 +0000

Your message dated Tue, 21 Feb 2023 08:25:16 -0500
with message-id <87ilfvjglf.fsf@gmail.com>
and subject line Re: bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767
has caused the debbugs.gnu.org bug report #61573,
regarding Arbitrary memory write vulnerability in NSS CVE-2023-0767
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)

--
61573: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61573
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message ---
Subject: Arbitrary memory write vulnerability in NSS CVE-2023-0767
Date: Fri, 17 Feb 2023 09:50:11 -0500

There's a serious vulnerability in NSS:

"An attacker could construct a PKCS 12 cert bundle in such a way that
could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
being mishandled."

https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767

Apparently it is fixed in NSS, but they don't seem to say in which
version:

https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/

Help wanted to fix this bug!
--- End Message ---
--- Begin Message ---
Subject: Re: bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767
Date: Tue, 21 Feb 2023 08:25:16 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> There's a serious vulnerability in NSS:
>
> "An attacker could construct a PKCS 12 cert bundle in such a way that
> could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
> being mishandled."
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
>
> Apparently it is fixed in NSS, but they don't seem to say in which
> version:
>
> https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/
>
> Help wanted to fix this bug!

That's been fixed by myself for nss-next
(246a3d90eac82966b691bdca4660ab9c5d802631) and by Tobias for nss itself,
via a graft to the latest 3.88.1 version
(b04ee227a47419291391a2b6e857e41ed1c32155).

Closing.

--
Thanks,
Maxim
--- End Message ---