On 25/09/2014, Holger Levsen <[email protected]> wrote: > Package : nss > Version : 3.12.8-1+squeeze9 > CVE ID : CVE-2014-1568 > > Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS > (the Mozilla Network Security Service library) was parsing ASN.1 data > used in signatures, making it vulnerable to a signature forgery attack. > > An attacker could craft ASN.1 data to forge RSA certificates with a > valid certification chain to a trusted CA. > > This update fixes this issue for the NSS libraries. > > Note that iceweasel, which is also affected by CVE-2014-1568, however > has reached end-of-life in Squeeze(-LTS) and thus has not been fixed. >
Hello. Given the last sentence of the message above, what is the standing of iceape, and, does the patch apply to iceape? -- Bret Busby Armadale West Australia .............. "So once you do know what the question actually is, you'll know what the answer means." - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992 .................................................... -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/cacx6j8mmkupd0qh_ds6nlvm0okgmyhpxbwwboslt_h59udz...@mail.gmail.com
