On Fri, Nov 04, 2011 at 03:40:26PM +0100, Moritz Muehlenhoff wrote: > Package: nss > Severity: normal > Tags: security > > Hi, > the following bug has been reported for NSS: > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3640 > > While this doesn't warrant a DSA on it's own, we could fix it > along with the next NSS DSA (probably for the CA compromise > of the day?: > http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ > )
Yes, that one is planned at the same time as the firefox security release on tuesday. BTW, I'm planning to upload 3.13.something to unstable, which contains this CVE fix already. Cheers, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

