The NSS Development Team announces the release of NSS 3.19.2.4, which is a security patch release for NSS 3.19.2.
(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to NSS 3.21.1, NSS 3.22.2, or a later release.) No new functionality is introduced in this release. The following security fixes from NSS 3.21 have been backported to NSS 3.19.2.4. Users are encouraged to upgrade immediately. * Bug 1185033 / CVE-2016-1979 - Use-after-free during processing of DER encoded keys in NSS * Bug 1209546 / CVE-2016-1978 - Use-after-free in NSS during SSL connections in low memory * Bug 1190248 / CVE-2016-1938 - Errors in mp_div and mp_exptmod cryptographic functions in NSS The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.4_release_notes The HG tag is NSS_3_19_2_4_RTM. NSS 3.19.2.4 requires NSPR 4.10.10 or newer. NSS 3.19.2.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_4_RTM/src/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto