Full Disclosure mailing list archives
Re: [SECURITY] [DSA 2300-2] nss security update
From: Georgi Guninski <guninski () guninski com>
Date: Tue, 6 Sep 2011 19:29:56 +0300
On Mon, Sep 05, 2011 at 10:15:22PM +0200, Thijs Kinkhorst wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2300-2 security () debian org http://www.debian.org/security/ Thijs Kinkhorst September 5, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss Vulnerability : comprimised certificate authority Problem type : local(remote) Debian-specific: no CVE ID : not available Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries. As a result from further understanding of the incident, this update to DSA 2300 disables additional DigiNotar issuing certificates. For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny6. For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 3.12.11-2. We recommend that you upgrade your nss packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce () lists debian org
you appear to not be CVE(R) compliant. where is the CVE(R) id? i immediately request you get a CVE(R) id and repost this email!!! -- joro _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] [DSA 2300-2] nss security update Thijs Kinkhorst (Sep 06)
- Re: [SECURITY] [DSA 2300-2] nss security update Georgi Guninski (Sep 06)
- Re: [SECURITY] [DSA 2300-2] nss security update Valdis . Kletnieks (Sep 06)
- Re: [SECURITY] [DSA 2300-2] nss security update Georgi Guninski (Sep 06)