Bug#539934: marked as done (CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities)

Tue, 22 Dec 2009 02:25:15 -0800 

Your message dated Tue, 22 Dec 2009 11:16:46 +0100
with message-id <20091222101646.ga20...@glandium.org>
and subject line closing properly
has caused the Debian Bug report #539934,
regarding CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
539934: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: nss
Version: 3.12.0-6
Severity: serious
Tags: security lenny

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for nss.

CVE-2009-2404[0]:
| Heap-based buffer overflow in a regular-expression parser in Mozilla
| Network Security Services (NSS) before 3.12.3, as used in Firefox,
| Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger
| (AIM), allows remote SSL servers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a long
| domain name in the subject's Common Name (CN) field of an X.509
| certificate, related to the cert_TestHostName function.

This issue is fixed in upstream NSS 3.12.3, so only the lenny version is 
vulnerable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
    http://security-tracker.debian.net/tracker/CVE-2009-2404


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp4TDMACgkQNxpp46476aqh0wCghZbP9Z5/ml4Ka+xwixNh02mU
sk0An3p5CTaTIpcIOyxtByn0cWpvY8m/
=rCbx
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Version: 3.12.3-1

--- End Message ---

Reply via email to