retitle 539934 CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
fixed 539934 3.12.3-1
thanks

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for nss.

CVE-2009-2408[0]:
| Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly
| handle a '\0' character in a domain name in the subject's Common Name
| (CN) field of an X.509 certificate, which allows man-in-the-middle
| attackers to spoof arbitrary SSL servers via a crafted certificate
| issued by a legitimate Certification Authority.

This issue is fixed in upstream NSS 3.12.3, so only the lenny version is vulnerable.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
    http://security-tracker.debian.net/tracker/CVE-2009-2408
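
The class of flaw the CVE text describes, shown as an added example that is not part of the original message and is not NSS code: a CN check that treats the field as a C string, beside one that uses the decoded length and rejects an embedded '\0'. The `cert_name` struct, the function names and the sample names are hypothetical, and the premise that the faulty comparison stops at the first '\0' is an assumption about this bug class, not a statement about NSS internals.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A decoded certificate name: raw bytes plus explicit length.
 * Hypothetical type for this example, not an NSS structure. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Length-unaware check: handles the CN as a C string, so the comparison
 * ends at the first '\0' and the bytes after it are never examined. */
int cn_matches_naive(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: refuse any CN containing '\0', require the full
 * decoded length to equal the hostname length, then compare. */
int cn_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* embedded NUL: never a valid name */
    if (cn->len != host_len)
        return 0;
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

/* Constructed sample inputs using reserved example/invalid domains. */
static const unsigned char CRAFTED_CN[] = "www.example.com\0.test.invalid";
static const unsigned char PLAIN_CN[]   = "www.example.com";
const struct cert_name crafted = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };
const struct cert_name plain   = { PLAIN_CN,   sizeof PLAIN_CN - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("naive  crafted: %d\n", cn_matches_naive(&crafted, host));
    printf("strict crafted: %d\n", cn_matches_strict(&crafted, host));
    printf("strict plain:   %d\n", cn_matches_strict(&plain, host));
    return 0;
}
```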