Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Sep 2014 20:24:03 +0000
From:      bugzilla-noreply@freebsd.org
To:        gecko@FreeBSD.org
Subject:   [Bug 193906] New: security/nss: update to 3.17.1 to fix CVE-2014-1568
Message-ID:  <bug-193906-21738@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193906

            Bug ID: 193906
           Summary: security/nss: update to 3.17.1 to fix CVE-2014-1568
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: gecko@FreeBSD.org
          Reporter: jbeich@vfemail.net
          Assignee: gecko@FreeBSD.org
             Flags: maintainer-feedback?(gecko@FreeBSD.org)

While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe
still worth updating in order to fix bugs missed in other point releases as
gecko@ team may not have any committers left. And there're still 3 weeks before
firefox 33.0.

$ svn export
https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32
$ cp -R firefox32/ /usr/ports/

  <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
    <topic>NSS -- RSA Signature Forgery</topic>
    <affects>
      <package>
    <name>linux-firefox</name>
    <range><lt>32.0.3,1</lt></range>
      </package>
      <package>
    <name>linux-thunderbird</name>
    <range><lt>31.1.2</lt></range>
      </package>
      <package>
    <name>linux-seamonkey</name>
    <range><lt>2.29.1</lt></range>
      </package>
      <package>
    <name>nss</name>
    <range><lt>3.17.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">;
    <p>The Mozilla Project reports:</p>
    <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">;
      <p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1568</cvename>
     
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>;
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-24</entry>
    </dates>
  </vuln>

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer gecko@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193906-21738>