Created attachment 187103 [details] Document vulnerability in nss CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes, affects the nss ports prior to version 3.32.1. Attached is the vuxml entry.
Created attachment 187104 [details] Document vulnerability in nss, revised Revised patch, including the link to upstream commit of the fix to the NSS_3_32_RTM branch, subsequently included in the 3.32.1 release: * https://hg.mozilla.org/projects/nss/shortlog/NSS_3_32_1_RTM
Created attachment 187105 [details] Document vulnerability in nss, revised 2 Another patch revision, combine ranges under single package entry, and specify different ranges for 3.28 branch (affecting linux nss ports) and 3.32 branch (affecting security/nss port). 3.33 branch (current security/nss port version) is not affected as it already contains the fix.
Notify emulation@ as the linux nss ports are still vulnerable.
A commit references this bug: Author: swills Date: Thu Oct 12 13:52:28 UTC 2017 New revision: 451877 URL: https://svnweb.freebsd.org/changeset/ports/451877 Log: Document nss issue PR: 222952 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Changes: head/security/vuxml/vuln.xml
Committed, thanks!