[ANNOUNCE] NSPR 4.10.10 Release

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ANNOUNCE] NSPR 4.10.10 Release

Kai Engert-4
The NSPR 4.10.10 release is now available.  The hg tag is
NSPR_4_10_10_RTM.  The source tar file can be downloaded from
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/

Security Advisories

The following security-relevant bugs have been resolved in NSPR 4.10.10.
Users are encouraged to upgrade immediately.

- Bug 1205157 (CVE-2015-7183)

  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

  This issue affects applications that were compiled with or linked
  against an affected NSPR version; to resolve this issue, affected
  applications must be recompiled with a non-affected NSPR version.

NSPR 4.10.10 has the following additional bug fixes:

- Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc


_______________________________________________
dev-tech-nspr mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-nspr