blob: 6c46f9801b05fc36db95f38da8882066003d23dc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-1741">CVE-2013-1741</a>
<p>Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-5606">CVE-2013-5606</a>
<p>Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-1491">CVE-2014-1491</a>
<p>Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-1492">CVE-2014-1492</a>
<p>Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.</p></li>
</ul>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in nss version 3.12.8-1+squeeze8</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2014/dla-23.data"
# $Id$
|