Univention Bugzilla – Bug 37045
nss: Multiple issues (4.0)
Last modified: 2017-10-26 13:54:48 CEST
Use-after-free in certificate handling (CVE-2014-1544)
ASN.1 DER decoding of lengths is too permissive (CVE-2014-1569)
(In reply to Moritz Muehlenhoff from comment #0)
> Use-after-free in certificate handling (CVE-2014-1544)

This was fixed during the import of the Wheezy 7.8 point update in Bug 37511
Fixed in upstream Debian package version 2:3.14.5-1+deb7u4
One more has been fixed:
* NSS incorrectly permits skipping of ServerKeyExchange (CVE-2015-2721)

YAML: 2015-08-29-nss.yaml

OK: 2015-08-29-nss.yaml
OK: announce-errata -V 2015-08-29-nss.yaml
OK: CVE-2014-1544 3.14.5-1+deb7u3 was already fixed in 4.0-1
FAIL: CVE-2014-1569 3.14.5-1+deb7u4 is also fixed

$ repo_stat.py nss
2:3.14.5-1+deb7u3 imported on 2015-02-02 12:26:38.803298
  Included in scope ucs4.0-1 for release tag 4.0-0-0 (71400)
2:3.14.5-1+deb7u5 imported on 2015-08-29 00:01:00.301593
  Included in scope errata4.0-3 for release tag 4.0-0-0 (75315)

OK: CVE-2015-2721 3.14.5-1+deb7u5
OK: CVE-2015-2730 3.14.5-1+deb7u5

RFA: Please expand "nss" at least once to "Network Security Service" to help admins to distinguish this from "Name Service Switch" or other acronym expansions.

OK: aptitude install '?source-package(^nss$)'
OK: signutil
OK: chromium
OK: openjdk-7-jre-headless
(In reply to Philipp Hahn from comment #5)
> FAIL: CVE-2014-1569 3.14.5-1+deb7u4 is also fixed

Added: r63376

OK: 2015-08-29-nss.yaml
OK: CVE-2014-1569
<http://errata.univention.de/ucs/4.0/301.html>