https://bz.apache.org/ooo/show_bug.cgi?id=126891
Issue ID: 126891
Issue Type: DEFECT
Summary: bundled nss-3.23-with-nspr-4.12 has many security
vulnerabilities
Product: Build Tools
Version: 4.2.0-dev
Hardware: All
OS: All
Status: CONFIRMED
Severity: Normal
Priority: P5 (lowest)
Component: external prerequisites
Assignee: [email protected]
Reporter: [email protected]
Created attachment 85369
--> https://bz.apache.org/ooo/attachment.cgi?id=85369&action=edit
patch to upgrade to nss-3.23-with-nspr-4.12
The nss-3.14.4-with-nspr-4.9.5 software bundled with OpenOffice has
these vulnerabilities:
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1540
CVE-2014-1541
CVE-2014-1542
CVE-2014-1543
CVE-2014-1544
CVE-2014-1545
CVE-2014-1547
CVE-2014-1548
CVE-2014-1549
CVE-2014-1550
CVE-2014-1551
CVE-2014-1552
CVE-2014-1555
CVE-2014-1556
CVE-2014-1557
CVE-2014-1558
CVE-2014-1559
CVE-2014-1560
CVE-2014-1561
CVE-2014-1568
CVE-2014-1569
CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-1595
CVE-2015-4513
CVE-2015-4514
CVE-2015-4515
CVE-2015-4518
CVE-2015-7181
CVE-2015-7182
CVE-2015-7183
CVE-2015-7185
CVE-2015-7186
CVE-2015-7187
CVE-2015-7188
CVE-2015-7189
CVE-2015-7190
CVE-2015-7191
CVE-2015-7192
CVE-2015-7193
CVE-2015-7194
CVE-2015-7195
CVE-2015-7196
CVE-2015-7197
CVE-2015-7198
CVE-2015-7199
CVE-2015-7200
CVE-2015-7575
CVE-2016-1938
CVE-2016-1950
CVE-2016-1978
CVE-2016-1979
Whether any of these actually impacts OpenOffice is not known.
The attached patch upgrades to nss-3.23-with-nspr-4.12 which
has no publicly disclosed vulnerabilities at this time. The
nss patches are rebased to the new version and any non-conflicting
changes are moved from the [latform-specific patch files to
nss.patch. The nss.patch.mingw file was already out of date and
was not updated.
--
You are receiving this mail because:
You are the assignee for the issue.
