On Wed, Nov 13, 2013 at 01:54:45PM -0700, Landry Breuil wrote: > CVSROOT: /cvs > Module name: ports > Changes by: lan...@cvs.openbsd.org 2013/11/13 13:54:45 > > Modified files: > devel/nspr : Makefile distinfo > devel/nspr/patches: patch-nspr_configure_in > > Log message: > SECURITY(?) update to nspr 4.10.2. > > Fixes the following bugs: > Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate (possible > CVE?, not confirmed yet)
That will be CVE-2013-5607 (rated moderate), after discussion with nspr devs. Landry
