Hi Leo, Leo Famulari <l...@famulari.name> writes:
> There's a serious vulnerability in NSS: > > "An attacker could construct a PKCS 12 cert bundle in such a way that > could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes > being mishandled." > > https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767 > > Apparently it is fixed in NSS, but they don't seem to say in which > version: > > https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/ > > Help wanted to fix this bug! That's been fixed by myself for nss-next (246a3d90eac82966b691bdca4660ab9c5d802631) and by Tobias for nss itself, via a graft to the latest 3.88.1 version (b04ee227a47419291391a2b6e857e41ed1c32155). Closing. -- Thanks, Maxim
