dcc3ff2921
Changelog:
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.3. Users are encouraged to upgrade immediately.
Bug 925100 - (CVE-2013-1741) Ensure a size is <= half of the maximum PRUint32 value
Bug 934016 - (CVE-2013-5605) Handle invalid handshake packets
Bug 910438 - (CVE-2013-5606) Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used
New in NSS 3.15.3
New Functionality
No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
Bugs fixed in NSS 3.15.3
Bug 850478 - List RC4_128 cipher suites after AES_128 cipher suites
Bug 919677 - Don't advertise TLS 1.2-only ciphersuites in a TLS 1.1 ClientHello
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.3&product=NSS
Compatibility
NSS 3.15.3 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.3 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
|
||
|---|---|---|
| .. | ||
| patches | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||