Back to bug 1315202
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-03-07 09:02:25 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-07 09:02:25 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-03-07 09:02:35 UTC | Blocks | 1310521 | |
| Huzaifa S. Sidhpurwala | 2016-03-09 04:12:35 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-1979 nss: Use-after-free during processing of DER encoded keys in NSS | CVE-2016-1979 nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36) | ||
| Whiteboard | impact=moderate,public=no,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | ||
| Huzaifa S. Sidhpurwala | 2016-03-09 08:43:25 UTC | Depends On | 1316003 | |
| Slawomir Czarko | 2016-03-14 13:00:27 UTC | CC | slawomir | |
| Huzaifa S. Sidhpurwala | 2016-03-29 03:43:25 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-03-29 03:47:11 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=wontfix,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:45:20 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=wontfix,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:27 UTC | Depends On | 1323648 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:35 UTC | Depends On | 1323649 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:40 UTC | Depends On | 1323650 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:48 UTC | Depends On | 1323651 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:54 UTC | Depends On | 1323652 | |
| Huzaifa S. Sidhpurwala | 2016-04-05 05:43:15 UTC | Doc Text | A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. | |
| Martin Prpič | 2016-04-05 07:54:12 UTC | Doc Text | A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. | A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. |
| Product Security DevOps Team | 2019-06-08 02:49:26 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:49:26 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:45:06 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160307,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected |
Back to bug 1315202