emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#61573: closed (Arbitrary memory write vulnerability in NSS CVE-2023-

From: GNU bug Tracking System
Subject: bug#61573: closed (Arbitrary memory write vulnerability in NSS CVE-2023-0767)
Date: Tue, 21 Feb 2023 13:26:01 +0000 
Your message dated Tue, 21 Feb 2023 08:25:16 -0500
with message-id <87ilfvjglf.fsf@gmail.com>
and subject line Re: bug#61573: Arbitrary memory write vulnerability in NSS 
CVE-2023-0767
has caused the debbugs.gnu.org bug report #61573,
regarding Arbitrary memory write vulnerability in NSS CVE-2023-0767
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
61573: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61573
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: Arbitrary memory write vulnerability in NSS CVE-2023-0767 Date: Fri, 17 Feb 2023 09:50:11 -0500 
There's a serious vulnerability in NSS:

"An attacker could construct a PKCS 12 cert bundle in such a way that
could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
being mishandled."

https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767

Apparently it is fixed in NSS, but they don't seem to say in which
version:

https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/

Help wanted to fix this bug!

--- End Message ---
--- Begin Message --- Subject: Re: bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767 Date: Tue, 21 Feb 2023 08:25:16 -0500 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) 
Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> There's a serious vulnerability in NSS:
>
> "An attacker could construct a PKCS 12 cert bundle in such a way that
> could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
> being mishandled."
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
>
> Apparently it is fixed in NSS, but they don't seem to say in which
> version:
>
> https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/
>
> Help wanted to fix this bug!

That's been fixed by myself for nss-next
(246a3d90eac82966b691bdca4660ab9c5d802631) and by Tobias for nss itself,
via a graft to the latest 3.88.1 version
(b04ee227a47419291391a2b6e857e41ed1c32155).

Closing.

-- 
Thanks,
Maxim

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]