[BSA-091] Security Update for nss
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
intrigeri uploaded new packages for nss which fixed the
following security problems:
CVE-2013-1739 (DSA-2790-1)
A flaw was found in the way the Mozilla Network Security Service library (nss)
read uninitialized data when there was a decryption failure. A remote attacker
could use this flaw to cause a denial of service (application crash) for
applications linked with the nss library.
CVE-2013-5605 (DSA-2800-1)
Andrew Tinits reported a potentially exploitable buffer overflow in the
Mozilla Network Security Service library (nss). With a specially crafted
request a remote attacker could cause a denial of service or possibly execute
arbitrary code.
For the squeeze-backports distribution the problems have been fixed in
version 2:3.14.5-1~bpo60+1.
For the oldstable distribution (squeeze), the problems have been fixed in
version 3.12.8-1+squeeze7.
For the stable distribution (wheezy), the problems have been fixed in version
2:3.14.5-1.
For the testing (jessie) and unstable (sid) distributions, the problems have
been fixed in version 2:3.15.3-1.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJS94i3AAoJELrOFdKldJj/J/wP/3k9H/2vzv4eRFPuSn4P6IAK
JhpDGJK/lJAMGDmM3/RSfpH/xdpA3T5sickQdNIa/J/fWNTnjpXJ6o+XGkU5KqR1
13lTgONVnLuHlpi9Fl33Bann8Idatw0UkxGvMMXSDOIckweLYZ75iIb64ZWOq1zb
JS/2dJh2rsGP2/a+Wzks5Ic2NBsJ3fHcunnAbgZCmwW4HSWG5pM44UWmkOfXT5eI
+5tdp7VKXk1HIGgdJum3IM57VKmKKVDh1+oYESffIc5yQbIESyKc4P5SORwrdXog
FxlhhXw94N3/Rlj4s1yRjDJzrEdmWEuDB0/izScWP+a8sAYYaDyVAoAKe3OkAgox
WuEaEBywISPCtk2+hQxShnCOjso3PVc4xHeBnV/UPJdTs6T6NadxCtZrf2ikoO5v
mvXaSpUlA3DFW5oV7Ve9exvZh462zPsndMFtA0qwgvpNvZpzoSGTq8Dby2R4M+VM
fXs8hF3pyAoAjDpG1acSgO2oB8Hb+Mqd5DELoB3FJduOAIF7gbiBwFIKVjHadHGu
ndmDuLQZUoyOs3ZNsYw4yyZNwbaxKdShSFd0DY2jIGy0h0E04kfAh0o3/NUKVbCG
FwoAH/7TzAilx5qQyXimcYThKSaa0T8MOZqXJRJt/1MYIn7YcWGpwMbgoVcnNu7e
ykx95oqkvgQR1sXM8O2u
=OvBm
-----END PGP SIGNATURE-----
Reply to: