-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3186-1 security@xxxxxxxxxx http://www.debian.org/security/ Salvatore Bonaccorso March 13, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss CVE ID : CVE-2014-1569 Debian Bug : 773625 It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack. For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1+deb7u4. For the upcoming stable distribution (jessie), this problem has been fixed in version 2:3.17.2-1.1. For the unstable distribution (sid), this problem has been fixed in version 2:3.17.2-1.1. We recommend that you upgrade your nss packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVApw+AAoJEAVMuPMTQ89Er54P/2hTUEoZIWoQtGbQRwjsLLeJ jrVGylGUW/Ks4js4//tqlJrnjtVpQ7JUW+Waja1+/T72vTcZnKCAvAfpevNRuRe6 83SIOwOdfLFzW/6YJf/Y8YWfoeC/I3R8m1z/s7FKAuM5fLgGJlcdgbgTCQAzaKNg 7oQR1rF3ve960ISvtDxwgrbAyAS8GSTmePSmOggNv8eTZygSfn/3fkaj9XBGOqzH /vsMM3qXcnkVt1/gDhuGikPZK58oz3tf0RvysiBhQX/JEniijeS8AWMsnElzttEd 8ouWnJeyUUgJWkBh2ktajVbSOBQVMgiHqA0rnjGLbi6SNq8TAS2vGqW2Mybjff4S tqZIgiw45Wq2nfyKIRLWVByORotcrkxQI31XfUGw1MGh03wezCW7+fyEhblnKb8h d8DK0InZrUUhNQ2cOPAf3jSk5jYtnvqRlZ+xxLZ6pFwNv118i73E3cQuKDMlloAB RcLQWnBneTKaVv6b9Aah7C1WuyyuF7ls9gB5x11CTyCgOTKnepLNZMdS6/0zoXqA I5WyvLXNIkgW2BrIhl+RT25dfO7thXUg/RVbNbDSFiN2yVobSeOh5ltiSol6QiSP tTDZQFjPFWou48YTSHa/UtgZ7/+nfsaVlpHnSesKS5aewZKFFoXs4rhToAOvwGL3 7Vu/rlXNeyzOp2/JS4In =AHyV -----END PGP SIGNATURE-----
