The NSS Development Team announces multiple patch releases: NSS 3.44.3 for NSS 3.44 NSS 3.47.1 for NSS 3.47
No new functionality is introduced in these releases. Users are encouraged to upgrade. The NSS team would like to recognize first-time contributors: * Craig Disselkoen NSS 3.44.3 includes: * CVE-2019-11745 - EncryptUpdate should use maxout, not block size * Bug 1579060 - Don’t set the CONSTRUCTED bit for issuerUniqueID and subjectUniqueID in mozilla::pkix NSS 3.47.1 includes: * CVE-2019-11745 - EncryptUpdate should use maxout, not block size * Bug 1590495 - Fix a crash that could be caused by client certificates during startup * Bug 1589810 - Fix compile-time warnings from uninitialized variables in a perl script NSS 3.44.3 requires NSPR 4.21 or newer. The HG tag is NSS_3_44_3_RTM. NSS 3.44.3 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_44_3_RTM/src/ Full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes NSS 3.47.1 requires NSPR 4.23 or newer. The HG tag is NSS_3_47_1_RTM. NSS 3.47.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_47_1_RTM/src/ Full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
