Bug#647614: CVE-2011-3640
Mike Hommey
mh at glandium.org
Fri Nov 4 15:07:02 UTC 2011
On Fri, Nov 04, 2011 at 03:40:26PM +0100, Moritz Muehlenhoff wrote:
> Package: nss
> Severity: normal
> Tags: security
>
> Hi,
> the following bug has been reported for NSS:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3640
>
> While this doesn't warrant a DSA on it's own, we could fix it
> along with the next NSS DSA (probably for the CA compromise
> of the day?:
> http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ )
Yes, that one is planned at the same time as the firefox security
release on tuesday.
BTW, I'm planning to upload 3.13.something to unstable, which contains
this CVE fix already.
Cheers,
Mike
More information about the pkg-mozilla-maintainers
mailing list