maintainer-feedback requested: [Bug 193906] security/nss: update to 3.17.1 to fix CVE-2014-1568
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 24 20:24:03 UTC 2014
Jan Beich <jbeich at vfemail.net> has asked gecko at FreeBSD.org for
maintainer-feedback:
Bug 193906: security/nss: update to 3.17.1 to fix CVE-2014-1568
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193906
------- Additional Comments from Jan Beich <jbeich at vfemail.net>
While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks before
firefox 33.0.
$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/
<vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
<topic>NSS -- RSA Signature Forgery</topic>
<affects>
<package>
<name>linux-firefox</name>
<range><lt>32.0.3,1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>31.1.2</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.29.1</lt></range>
</package>
<package>
<name>nss</name>
<range><lt>3.17.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote
cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1568</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
</references>
<dates>
<discovery>2014-09-23</discovery>
<entry>2014-09-24</entry>
</dates>
</vuln>
More information about the freebsd-gecko
mailing list