On 26 Oct, Don Lewis wrote: > In addition the bundled version of nss has a bunch of CVEs. Even the > version in trunk has two I believe. I spent most of a week trying to > upgrade the trunk version and got a successful build on Windows, but > haven't had time to test it, and my patches need further cleanup. The > big problems is that newer versions are C99 which the version of Visual > C++ that we use for the Windows build does not support. I also remember > the pain that we went through to get this working properly when we did > the previous trunk upgrade. It is used for document signing.
nss-3.14.4 (in 4.1.5): CVE-2014-1561 CVE-2014-1560 CVE-2014-1559 CVE-2014-1558 CVE-2014-1557 CVE-2014-1556 CVE-2014-1555 CVE-2014-1552 CVE-2014-1551 CVE-2014-1550 CVE-2014-1549 CVE-2014-1548 CVE-2014-1547 CVE-2014-1544 nss-3.25 (in trunk): CVE-2017-5462 CVE-2017-5461 Upgrading to 3.25 looks like it would require merging r1753163, r1753962, maybe r1799750, r1811598, and r1811604. The latter two are Mac fixes. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
