[Bug 193906] New: security/nss: update to 3.17.1 to fix CVE-2014-1568
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 24 20:24:04 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193906
Bug ID: 193906
Summary: security/nss: update to 3.17.1 to fix CVE-2014-1568
Product: Ports Tree
Version: Latest
Hardware: Any
OS: Any
Status: Needs Triage
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: gecko at FreeBSD.org
Reporter: jbeich at vfemail.net
Assignee: gecko at FreeBSD.org
Flags: maintainer-feedback?(gecko at FreeBSD.org)
While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks before
firefox 33.0.
$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/
<vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
<topic>NSS -- RSA Signature Forgery</topic>
<affects>
<package>
<name>linux-firefox</name>
<range><lt>32.0.3,1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>31.1.2</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.29.1</lt></range>
</package>
<package>
<name>nss</name>
<range><lt>3.17.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1568</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
</references>
<dates>
<discovery>2014-09-23</discovery>
<entry>2014-09-24</entry>
</dates>
</vuln>
--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer gecko at FreeBSD.org
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-gecko
mailing list