From owner-freebsd-gecko@FreeBSD.ORG  Wed Sep 24 20:24:03 2014
Return-Path: <owner-freebsd-gecko@FreeBSD.ORG>
Delivered-To: gecko@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A41CDFF6
 for <gecko@FreeBSD.org>; Wed, 24 Sep 2014 20:24:03 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8EB2B816
 for <gecko@FreeBSD.org>; Wed, 24 Sep 2014 20:24:03 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s8OKO3xl094525
 for <gecko@FreeBSD.org>; Wed, 24 Sep 2014 20:24:03 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: gecko@FreeBSD.org
Subject: maintainer-feedback requested: [Bug 193906] security/nss: update to
 3.17.1 to fix CVE-2014-1568
Date: Wed, 24 Sep 2014 20:24:03 +0000
X-Bugzilla-Type: request
Message-ID: <bug-193906-21738-zGYUJnohau@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-193906-21738@https.bugs.freebsd.org/bugzilla/>
References: <bug-193906-21738@https.bugs.freebsd.org/bugzilla/>
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-gecko@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Gecko Rendering Engine issues <freebsd-gecko.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-gecko>,
 <mailto:freebsd-gecko-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gecko/>
List-Post: <mailto:freebsd-gecko@freebsd.org>
List-Help: <mailto:freebsd-gecko-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gecko>,
 <mailto:freebsd-gecko-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Sep 2014 20:24:03 -0000

Jan Beich <jbeich@vfemail.net> has asked gecko@FreeBSD.org for
maintainer-feedback:
Bug 193906: security/nss: update to 3.17.1 to fix CVE-2014-1568
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D193906


------- Additional Comments from Jan Beich <jbeich@vfemail.net>
While native firefox/thunderbird/seamonkey ports use --with-system-nss it m=
aybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks be=
fore
firefox 33.0.

$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/

  <vuln vid=3D"48108fb0-751c-4cbb-8f33-09239ead4b55">
    <topic>NSS -- RSA Signature Forgery</topic>
    <affects>
      <package>
	<name>linux-firefox</name>
	<range><lt>32.0.3,1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>31.1.2</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.29.1</lt></range>
      </package>
      <package>
	<name>nss</name>
	<range><lt>3.17.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns=3D"http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote
cite=3D"http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1568</cvename>
=20=20=20=20=20
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-24</entry>
    </dates>
  </vuln>=