Re: Analysis of nss CVE-2016-2834
On Sat, Jun 18, 2016 at 12:15:15AM +0200, Ola Lundqvist wrote:
> So I have now gone through the ~7 MB diff between nss and found changes
> regarding the following:
> - ASN1 parsing issue. See also CVE-2016-1950
> - A lot of changes from getenv to some secure variant.
> - A change in sslinfo.c that could potentially be the change.
> - Downgrade fixes. Good but not this CVE.
> Do anyone know more about this CVE?
> There are a few references to mozilla bugzilla bugs but I do not have
> access to them. Anyone who have?
Usually Mozilla's Bugzilla has all the details of the CVEs. If the bug
is non public you can ask it to be opened up.