Re: [SECURITY] [DLA 62-1] nss security update

To: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 62-1] nss security update
From: Bret Busby <bret.busby@gmail.com>
Date: Fri, 26 Sep 2014 01:33:31 +0800
Message-id: <[🔎] CACX6j8MmKUPD0Qh_dS6nLVM0OkGMyhPXbWWboSLT_h59udzJSA@mail.gmail.com>
In-reply-to: <201409251659.31700.holger@layer-acht.org>
References: <201409251659.31700.holger@layer-acht.org>

On 25/09/2014, Holger Levsen <holger@layer-acht.org> wrote:
> Package        : nss
> Version        : 3.12.8-1+squeeze9
> CVE ID         : CVE-2014-1568
>
> Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
> (the Mozilla Network Security Service library) was parsing ASN.1 data
> used in signatures, making it vulnerable to a signature forgery attack.
>
> An attacker could craft ASN.1 data to forge RSA certificates with a
> valid certification chain to a trusted CA.
>
> This update fixes this issue for the NSS libraries.
>
> Note that iceweasel, which is also affected by CVE-2014-1568, however
> has reached end-of-life in Squeeze(-LTS) and thus has not been fixed.
>

Hello.

Given the last sentence of the message above, what is the standing of
iceape, and, does the patch apply to iceape?


-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

Reply to:

Follow-Ups:
- Re: Re: [SECURITY] [DLA 62-1] nss security update
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Re: Glassfish security support (in Squeeze)
Next by Date: Re: Re: [SECURITY] [DLA 62-1] nss security update
Previous by thread: Bug#762715: dch: please add --lts option
Next by thread: Re: Re: [SECURITY] [DLA 62-1] nss security update
Index(es):
- Date
- Thread