Re: [SECURITY] [DLA 62-1] nss security update
On 25/09/2014, Holger Levsen <holger@layer-acht.org> wrote:
> Package : nss
> Version : 3.12.8-1+squeeze9
> CVE ID : CVE-2014-1568
>
> Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
> (the Mozilla Network Security Service library) was parsing ASN.1 data
> used in signatures, making it vulnerable to a signature forgery attack.
>
> An attacker could craft ASN.1 data to forge RSA certificates with a
> valid certification chain to a trusted CA.
>
> This update fixes this issue for the NSS libraries.
>
> Note that iceweasel, which is also affected by CVE-2014-1568, however
> has reached end-of-life in Squeeze(-LTS) and thus has not been fixed.
>
Hello.
Given the last sentence of the message above, what is the standing of
iceape, and, does the patch apply to iceape?
--
Bret Busby
Armadale
West Australia
..............
"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992
....................................................
Reply to: