Your message dated Tue, 08 Nov 2011 20:09:31 +0000
with message-id <e1rnrz9-0002lx...@franck.debian.org>
and subject line Bug#647614: fixed in nss 3.12.8-1+squeeze4
has caused the Debian Bug report #647614,
regarding CVE-2011-3640
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
647614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nss
Severity: normal
Tags: security
Hi,
the following bug has been reported for NSS:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3640
While this doesn't warrant a DSA on it's own, we could fix it
along with the next NSS DSA (probably for the CA compromise
of the day?:
http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
)
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: nss
Source-Version: 3.12.8-1+squeeze4
We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive:
libnss3-1d-dbg_3.12.8-1+squeeze4_amd64.deb
to main/n/nss/libnss3-1d-dbg_3.12.8-1+squeeze4_amd64.deb
libnss3-1d_3.12.8-1+squeeze4_amd64.deb
to main/n/nss/libnss3-1d_3.12.8-1+squeeze4_amd64.deb
libnss3-dev_3.12.8-1+squeeze4_amd64.deb
to main/n/nss/libnss3-dev_3.12.8-1+squeeze4_amd64.deb
libnss3-tools_3.12.8-1+squeeze4_amd64.deb
to main/n/nss/libnss3-tools_3.12.8-1+squeeze4_amd64.deb
nss_3.12.8-1+squeeze4.debian.tar.gz
to main/n/nss/nss_3.12.8-1+squeeze4.debian.tar.gz
nss_3.12.8-1+squeeze4.dsc
to main/n/nss/nss_3.12.8-1+squeeze4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 647...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <gland...@debian.org> (supplier of updated nss package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 06 Nov 2011 09:01:08 +0100
Source: nss
Binary: libnss3-1d libnss3-tools libnss3-dev libnss3-1d-dbg
Architecture: source amd64
Version: 3.12.8-1+squeeze4
Distribution: stable-security
Urgency: low
Maintainer: Maintainers of Mozilla-related packages
<pkg-mozilla-maintain...@lists.alioth.debian.org>
Changed-By: Mike Hommey <gland...@debian.org>
Description:
libnss3-1d - Network Security Service libraries
libnss3-1d-dbg - Debugging symbols for the Network Security Service libraries
libnss3-dev - Development files for the Network Security Service libraries
libnss3-tools - Network Security Service tools
Closes: 647614
Changes:
nss (3.12.8-1+squeeze4) stable-security; urgency=low
.
* Explicitly distrust malaysian Digicert Sdn. Bhd CA certificate.
* Address CVE-2011-3640 (Untrusted search path vulnerability).
Closes: #647614.
Checksums-Sha1:
b96722c312bbf420bf6ee74d8d356953ca0de4c0 2039 nss_3.12.8-1+squeeze4.dsc
5e58bdb8e95d831ada0c37666778cfa6e590b7f3 109281
nss_3.12.8-1+squeeze4.debian.tar.gz
8e0f20bec3600740b0146f32db314317d4506d35 1114826
libnss3-1d_3.12.8-1+squeeze4_amd64.deb
d56ed76a589b7a2eaf5d7c63dfdb008fb8f241ef 448570
libnss3-tools_3.12.8-1+squeeze4_amd64.deb
859c13c8d3abe9df23c55bf2bd0a071c975a72f5 268404
libnss3-dev_3.12.8-1+squeeze4_amd64.deb
059d5419f36dabe071c238a58906ac6a44b871b2 3271230
libnss3-1d-dbg_3.12.8-1+squeeze4_amd64.deb
Checksums-Sha256:
7a7f7c8c0aa001abceab4f8dfb60cd262fdd9d95a2d94dc9c0ad2e26c53b2b26 2039
nss_3.12.8-1+squeeze4.dsc
493cb314a807d066c05eb7eaeb095914ef5d1760cea67e385a869e3f4d1c6760 109281
nss_3.12.8-1+squeeze4.debian.tar.gz
9e46811ee5fdfe12f274cd640103d0df8e1b9ea122b3f427653597b1666607da 1114826
libnss3-1d_3.12.8-1+squeeze4_amd64.deb
9de5e790c6cde9974343d4dfa6854a6a11c166a9219b978cd3c70de66da6c7b2 448570
libnss3-tools_3.12.8-1+squeeze4_amd64.deb
95a2ee0635625401f23ac47f4a1d15c65d11dcc62a511094eb78b14a8086838b 268404
libnss3-dev_3.12.8-1+squeeze4_amd64.deb
f4c891c1f89315f6a59d95365ba07f25ef42da16b6326befcf03f48efb109bb4 3271230
libnss3-1d-dbg_3.12.8-1+squeeze4_amd64.deb
Files:
58ea16048424f1b2f6fdbdc095cb4960 2039 libs optional nss_3.12.8-1+squeeze4.dsc
bee3c9dfb6e1a0fe4a76448f5cc46911 109281 libs optional
nss_3.12.8-1+squeeze4.debian.tar.gz
03dfa00c4670db06a92906144c36d8b5 1114826 libs optional
libnss3-1d_3.12.8-1+squeeze4_amd64.deb
0443855c0539c6a788aee8d93e34e752 448570 admin optional
libnss3-tools_3.12.8-1+squeeze4_amd64.deb
ec8e2b60a2d16acd2856ddd05debe934 268404 libdevel optional
libnss3-dev_3.12.8-1+squeeze4_amd64.deb
f7d3c89152eb9b0a7444753ab2661459 3271230 debug extra
libnss3-1d-dbg_3.12.8-1+squeeze4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUBTrZFQOQqoE+mqoxyAQhqPg//b2zXnEtJHyprUBRkPlDJ3hHcS+nXkGsA
G202ADA6dzzHc6iF46/ORI7L+qxKmczX2LKP+O/JlLuhoA75pSm1JmyrN6JqaKqT
LOvZ6XCJNFBja3dKoEIyJxV4J/IlhDPl8CN5Bl56wWdi4GD5GCJKprEFQ3z6UA9z
Ut/cmql1y0ZEsaASbcjVuwlHIo8Pk1jo8VmVYlJfbCEALMuVUZy1uaw9iyZrfeA7
Lywa7Cq7iPboGN9BBbfkALEUxNem76j4MsCuY8k3AAGMnI+9CYOOQ2k3QBtggaAI
xmryMzAFNlPmtYcK1ouyWYFm6cR9jw4rU/A75djPxJEJkXgYvGXNgTrNQfDbVzQC
M3/MeLtEG2C3Sszf9V09J1jBKT0bf5F7r8/W8QhJEgf9acgajG3luLucALtVFaXs
eIA/NZDXEQD456qdMKeB9+TLJtP7EQ8d3F2kNDARqR3sSWgPTNUc7ZvFB7t40+Yz
BQ612TV6I/jSKryquOXMaMwPOUa6U6Q40w4Gg0+yJNzAZp3tCDRxOr3VqZCqKxg/
Bt82vtvD5rhxibI5rES4AbR0YRXbUotjn8/H1CdyhJDZgwwxwzji1YUaUKSCsO3Q
DpWe8XzF49X5a9/B6WMT2cSCqeW75nwhxznBITO8T5SC2kulnFE3xVQGtHe6OZlV
KUYEyBbeLFU=
=sdmT
-----END PGP SIGNATURE-----
--- End Message ---
