[Bug 193906] New: security/nss: update to 3.17.1 to fix CVE-2014-1568

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Sep 24 20:24:04 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193906

            Bug ID: 193906
           Summary: security/nss: update to 3.17.1 to fix CVE-2014-1568
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: gecko at FreeBSD.org
          Reporter: jbeich at vfemail.net
          Assignee: gecko at FreeBSD.org
             Flags: maintainer-feedback?(gecko at FreeBSD.org)

While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks before
firefox 33.0.

$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/

  <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
    <topic>NSS -- RSA Signature Forgery</topic>
    <affects>
      <package>
    <name>linux-firefox</name>
    <range><lt>32.0.3,1</lt></range>
      </package>
      <package>
    <name>linux-thunderbird</name>
    <range><lt>31.1.2</lt></range>
      </package>
      <package>
    <name>linux-seamonkey</name>
    <range><lt>2.29.1</lt></range>
      </package>
      <package>
    <name>nss</name>
    <range><lt>3.17.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>The Mozilla Project reports:</p>
    <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
      <p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1568</cvename>
     
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-24</entry>
    </dates>
  </vuln>

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer gecko at FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-gecko mailing list