From rcritten at redhat.com Fri Apr 15 21:39:17 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 15 Apr 2016 17:39:17 -0400
Subject: [Mod_nss-list] Announcing release 1.0.14 (security)
Message-ID: <57115F85.80503@redhat.com>

This is mostly a security release to fix an error in the handling of +CIPHER in the OpenSSL compatibility code.

CVE-2016-3099 was due to the fact that mod_nss stopped parsing cipher strings when it came across a + for cipher re-ordering. NSS doesn't support re-ordering. The problem is that there may be very important things beyond it but an error wasn't returned, it just stopped looking at the ciphers.

This release also updates the mod_ssl -> mod_nss migration script.

Support was added for SSL_PPTYPE_FILTER so that now NSSPassPhraseDialog can use exec: and call a script to get the password from systemd, for example.

And finally, I added some Valgrind suppression files to make finding memory issues a lot easier.

Source is at https://fedorahosted.org/releases/m/o/mod_nss/mod_nss-1.0.14.tar.gz

rob
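
The failure mode described in this announcement, as an added example that is not mod_nss code and not part of the original message: a simplified model of an OpenSSL-style cipher string parser, showing how silently stopping at a `+` token drops a later `!` exclusion. The keyword table, the function names and the two alternative handlings (skip the re-order request, or reject the string) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed keyword table for this model; not the list mod_nss or NSS uses. */
static const char *NAMES[] = { "AES128", "AES256", "RC4", "eNULL" };
enum { N_NAMES = 4 };
enum plus_mode { STOP_SILENTLY, SKIP_REORDER, REJECT };

static int lookup(const char *name) {
    for (int i = 0; i < N_NAMES; i++)
        if (strcmp(name, NAMES[i]) == 0) return i;
    return -1;
}

/* Parse "A:B:+C:!D". Returns a bitmask of enabled keywords (bit i = NAMES[i]),
 * or -1 on a malformed or rejected string. */
int parse_ciphers(const char *spec, enum plus_mode mode) {
    unsigned enabled = 0, banned = 0;
    for (const char *p = spec; *p; ) {
        char tok[32];
        size_t n = strcspn(p, ":");
        if (n == 0 || n >= sizeof tok) return -1;
        memcpy(tok, p, n);
        tok[n] = '\0';
        p += n;
        if (*p == ':') p++;

        const char *name = tok;
        char op = 0;
        if (strchr("+-!", tok[0])) op = *name++;
        if (op == '+') {
            if (mode == STOP_SILENTLY) break;  /* flaw: the rest is never read */
            if (mode == REJECT) return -1;     /* surface the unsupported operator */
            continue;                          /* order cannot change; keep parsing */
        }
        int i = lookup(name);
        if (i < 0) return -1;
        if (op == '!') banned |= 1u << i;         /* permanent exclusion */
        else if (op == '-') enabled &= ~(1u << i);
        else enabled |= 1u << i;
    }
    return (int)(enabled & ~banned);
}

int main(void) {
    const char *spec = "AES128:RC4:eNULL:+RC4:!eNULL";  /* constructed input */
    printf("stop silently: 0x%x\n", (unsigned)parse_ciphers(spec, STOP_SILENTLY));
    printf("skip re-order: 0x%x\n", (unsigned)parse_ciphers(spec, SKIP_REORDER));
    printf("reject:        %d\n", parse_ciphers(spec, REJECT));
    return 0;
}
```

With the constructed input, the stop-silently mode leaves the `eNULL` bit (0x8) enabled because the `!eNULL` token after `+RC4` is never reached.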