Date: Thu, 25 Sep 2014 13:29:38 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r369252 - head/security/vuxml Message-ID: <201409251329.s8PDTccj073909@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rea Date: Thu Sep 25 13:29:38 2014 New Revision: 369252 URL: http://svnweb.freebsd.org/changeset/ports/369252 QAT: https://qat.redports.org/buildarchive/r369252/ Log: VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details Reviewed by: des@ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Sep 25 13:00:09 2014 (r369251) +++ head/security/vuxml/vuln.xml Thu Sep 25 13:29:38 2014 (r369252) @@ -122,8 +122,12 @@ Notes: <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>The Mozilla Project reports:</p> - <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">; - <p>MFSA 2014-73 RSA Signature Forgery in NSS</p> + <blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html">; + <p>Antoine Delignat-Lavaud discovered that NSS is vulnerable + to a variant of a signature forgery attack previously + published by Daniel Bleichenbacher. This is due to lenient + parsing of ASN.1 values involved in a signature and could + lead to the forging of RSA certificates.</p> </blockquote> </body> </description>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409251329.s8PDTccj073909>