[Bug 193906] New: security/nss: update to 3.17.1 to fix CVE-2014-1568

Wed, 24 Sep 2014 13:24:26 -0700 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193906

            Bug ID: 193906
           Summary: security/nss: update to 3.17.1 to fix CVE-2014-1568
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: [email protected]
          Reporter: [email protected]
          Assignee: [email protected]
             Flags: maintainer-feedback?([email protected])

While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks before
firefox 33.0.

$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/

  <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
    <topic>NSS -- RSA Signature Forgery</topic>
    <affects>
      <package>
    <name>linux-firefox</name>
    <range><lt>32.0.3,1</lt></range>
      </package>
      <package>
    <name>linux-thunderbird</name>
    <range><lt>31.1.2</lt></range>
      </package>
      <package>
    <name>linux-seamonkey</name>
    <range><lt>2.29.1</lt></range>
      </package>
      <package>
    <name>nss</name>
    <range><lt>3.17.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml";>
    <p>The Mozilla Project reports:</p>
    <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/";>
      <p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1568</cvename>
     
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-24</entry>
    </dates>
  </vuln>

--- Comment #1 from Bugzilla Automation <[email protected]> ---
Auto-assigned to maintainer [email protected]

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-gecko
To unsubscribe, send any mail to "[email protected]"

Reply via email to