Package: nss Severity: serious Tags: security Hi,
Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ Upstream NSS progress is tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=822365 The generic protocol issue has been assigned CVE name CVE-2013-0169. The specific fix for NSS is known as CVE-2013-1620. Please mention these identifiers in the changelog. Can you see to it that this issue is addressed in unstable and testing? And are you available to create an update for stable-security? Cheers, Thijs
signature.asc
Description: This is a digitally signed message part.
