Your message dated Fri, 13 Mar 2015 22:02:26 +0000
with message-id <[email protected]>
and subject line Bug#773625: fixed in nss 2:3.14.5-1+deb7u4
has caused the Debian Bug report #773625,
regarding nss: CVE-2014-1569 information leak
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773625
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: src:nss
version: 3.12.8-1
severity: serious
tag: security
An information leak issue was disclosed for nss, fixed in 3.17.3:
https://security-tracker.debian.org/tracker/CVE-2014-1569
Best wishes,
Mike
--- End Message ---
--- Begin Message ---
Source: nss
Source-Version: 2:3.14.5-1+deb7u4
We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated nss package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Dec 2014 16:11:33 +0100
Source: nss
Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg
Architecture: source amd64
Version: 2:3.14.5-1+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Maintainers of Mozilla-related packages
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libnss3 - Network Security Service libraries
libnss3-1d - Network Security Service libraries - transitional package
libnss3-dbg - Debugging symbols for the Network Security Service libraries
libnss3-dev - Development files for the Network Security Service libraries
libnss3-tools - Network Security Service tools
Closes: 773625
Changes:
nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2014-1569.patch.
CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing
undetected smuggling of arbitrary data. (Closes: #773625)
Checksums-Sha1:
058492a32be9525519b0c269a67ef561175cd4fc 2193 nss_3.14.5-1+deb7u4.dsc
d7a36ddaf8f28c0480f4ed4c59169d8718280713 50232
nss_3.14.5-1+deb7u4.debian.tar.gz
d22979be2e9833ec6f3845890dc64d4ac673365e 1062946
libnss3_3.14.5-1+deb7u4_amd64.deb
597b005d6733d146645d33526dea3452e6824532 20554
libnss3-1d_3.14.5-1+deb7u4_amd64.deb
310926c2438af5e9b7040e9d78fde5ec77bc5627 228978
libnss3-tools_3.14.5-1+deb7u4_amd64.deb
3e6062e5d301c564cb750f467741258b1235d141 220802
libnss3-dev_3.14.5-1+deb7u4_amd64.deb
02decb968e0885e841eb844cb6e1edd449b2b82b 4838814
libnss3-dbg_3.14.5-1+deb7u4_amd64.deb
Checksums-Sha256:
4b4df6fc32d41e43dfaa1b15c7f90a5942aed15c18fc3083fced1171709d5e43 2193
nss_3.14.5-1+deb7u4.dsc
c8e51b22d2ff59ef28333fa288f4c71fdb88fd420153a43e6d891dc22374278f 50232
nss_3.14.5-1+deb7u4.debian.tar.gz
e1068fe79a438fab600680d4c3a54f7ff72ee474b0fee6f9a44738e86ac52ba0 1062946
libnss3_3.14.5-1+deb7u4_amd64.deb
42c2bb237d87e41ac93e29d151f309a41668b9cd359c6faa296287b4aa30c832 20554
libnss3-1d_3.14.5-1+deb7u4_amd64.deb
be563917afb0123412f5f4696f9fec0b67b241e9f7b910f4685056d7c9d9f42f 228978
libnss3-tools_3.14.5-1+deb7u4_amd64.deb
53ce197259b0eb3d2c45286aa7a45f7560b4d824f43949315d553e5c6a445c3a 220802
libnss3-dev_3.14.5-1+deb7u4_amd64.deb
99fbe44b04a2e57577e140ee02ae4027528058f50f49f814d781ac521fff75e1 4838814
libnss3-dbg_3.14.5-1+deb7u4_amd64.deb
Files:
cb0dbf366ec3b02e86425e07d110228e 2193 libs optional nss_3.14.5-1+deb7u4.dsc
a001adf4942fcaf1c8b4ea1806b558e2 50232 libs optional
nss_3.14.5-1+deb7u4.debian.tar.gz
30adefff037923b20cfdc8b6cf917e11 1062946 libs optional
libnss3_3.14.5-1+deb7u4_amd64.deb
30c3e55d8f241b8d99a2ac9ae3567681 20554 oldlibs extra
libnss3-1d_3.14.5-1+deb7u4_amd64.deb
f186be28d6e1d707e6916c1d3fcb9ecb 228978 admin optional
libnss3-tools_3.14.5-1+deb7u4_amd64.deb
a7d169811f86bcb27541ee5bea9ee7e4 220802 libdevel optional
libnss3-dev_3.14.5-1+deb7u4_amd64.deb
f6fadce94c92edb5f8468a61c1a5cd53 4838814 debug extra
libnss3-dbg_3.14.5-1+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVAekKAAoJEAVMuPMTQ89EXQwQAKB7DmdN39B6pnNpbTJjuRP5
uSqPCEJcxaS47nR/9cwCUzYEfIXgj/npBOXV4vn0fHotU69FrhRpSy0W9FkVoKhR
HVHu0bbvJsLSU+l2D8H6iLHCEc8o71ooLdF1aKbL9Gi1vkyg9whXU8ZxqIlEjnSr
iBFHVwumnQIhf+QPVRixUQ1t6C4Wrot0BOwqh+ZVH3s1A54lwSlznvDhG30tmfvR
IPdjo3CkCMRg+DdUGuE3ByabX6CWbwVR4CLR0X3qnDq6HMtuRzens6xrjcTppCrU
1OGRDQfpAPsE96SrpfzGahM+U6Zc6eYhvn3wjm7cBVeGYK7HA4LoycNFqhrOqobr
SFFfJr2QeFxv6TD+ULWd7mp+8N7tn9+rwDuiM69qokMyxrSHKhnJ0T9SG+dyyMvo
ez6Ce8FNIOXycf5Ho8b1Ame67BI4A+T37No027pFY33IhW/3liEve6Ig9hXYZ0E6
4Z2ZWM5sIfyN6/Ko3Jf9ylQA2Z+rnyMn+MiuGv24esZBUSYGcVwf3q6dZuy6o4Bx
8dKgHc/z7WfO0bXd70bE8BGed7T939lpgqzDJ5UZhAUWAzFHv6U7/u+9ZO6I3NLR
9IGAUCzye+VjdaaMdgz+bXXkyBcH4Ay6DnOmFxNeowvtdaDNpmsggQyOpqkcmNZU
UqiFBZRQfVoIa4HAOGTz
=ry/z
-----END PGP SIGNATURE-----
--- End Message ---
