Bug 30634

Summary: nss: Multiple issues (3.1)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Security maintainers <security-maintainers>
Status: CLOSED WONTFIX QA Contact:
Severity: normal    
Priority: P3    
Version: UCS 3.0   
Target Milestone: UCS 3.1-x-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2013-03-01 16:18:42 CET 
"Lucky 13" attack on TLS (CVE-2013-0169, CVE-2013-1620)
Comment 1 Moritz Muehlenhoff univentionstaff 2013-11-27 14:59:04 CET 
Buffer overflow in parsing the cipher list (CVE-2013-5605)
Incomplete rejection of invalid certificates (CVE-2013-5606)
Denial of service in certificate parsing (CVE-2013-1741)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-01-17 10:53:09 CET 
Information disclosure in SSL handshake (CVE-2013-1740)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-03-21 08:50:47 CET 
Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-06-02 07:59:20 CEST 
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.