Summary: | <dev-libs/nss-3.12.3-r1 Disable MD2 digest algorithm (CVE-2009-2409) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mozilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 | ||
Whiteboard: | A4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 280837, 280839 | ||
Bug Blocks: | 280227 |
Description
Robert Buchholz (RETIRED)
2009-08-06 19:59:07 UTC
Mark Cox wrote: The NSS library since version 3.12.3 (April 2009) has disabled MD2 by default (although legacy applications can turn it back on using an environment variable "NSS_ALLOW_WEAK_SIGNATURE_ALG" if they need to). From the original bug: ------- Comment #1 From Jory A. Pratt 2009-08-04 03:26:50 0000 [reply] ------- Mozilla team I recommend a stabilization of nspr-4.8 with nss-3.12.3, the thunderbird bug on memory is unconfirmed in my opinion, and security takes presidency. nspr-4.8 and nss-3.12.3 are stable now. i vote NO NO, too. Closing noglsa. |