Hi, What is the status of the following CVEs on NSS? I've searched through all your MFSAs and did not find these.
CVE-2017-11695: heap-buffer-overflow (write of size 8) in alloc_segs (lib/dbm/src/hash.c:1105) https://bugzilla.mozilla.org/show_bug.cgi?id=1360782 CVE-2017-11696: heap-buffer-overflow (write of size 65544) in __hash_open (lib/dbm/src/hash.c:241) https://bugzilla.mozilla.org/show_bug.cgi?id=1360778 CVE-2017-11697: Floating Point Exception in __hash_open (hash.c:229) https://bugzilla.mozilla.org/show_bug.cgi?id=1360900 CVE-2017-11698: heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704) https://bugzilla.mozilla.org/show_bug.cgi?id=1360779 Are they ever going to be fixed? Charles Robertson Firefox Maintainer SUSE LLC _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security