Created attachment 187103 [details]
Document vulnerability in nss
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes, affects the nss ports prior to version 3.32.1. Attached is the vuxml entry.
Created attachment 187104 [details]
Document vulnerability in nss, revised
Revised patch, including the link to upstream commit of the fix to the NSS_3_32_RTM branch, subsequently included in the 3.32.1 release:
Created attachment 187105 [details]
Document vulnerability in nss, revised 2
Another patch revision, combine ranges under single package entry, and specify different ranges for 3.28 branch (affecting linux nss ports) and 3.32 branch (affecting security/nss port). 3.33 branch (current security/nss port version) is not affected as it already contains the fix.
Notify emulation@ as the linux nss ports are still vulnerable.
A commit references this bug:
Date: Thu Oct 12 13:52:28 UTC 2017
New revision: 451877
Document nss issue
Submitted by: Vladimir Krstulja <firstname.lastname@example.org>