| Summary: | <dev-libs/nss-3.15.4: False Start PR_Recv Information Disclosure Security Issue (CVE-2013-1740) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | mozilla |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/56386/ | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-01-15 13:39:01 UTC
Arches please test and mark stable =dev-libs/nss-3.15.4 with target KEYWORDS: alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris

Stable for HPPA.

amd64 stable

x86 stable

ppc64 stable

ppc stable

alpha stable

arm stable

ia64 stable

sparc stable.

Maintainer(s), please cleanup. Security, please vote.

+ 27 Jan 2014; Lars Wendler <polynomial-c@gentoo.org> -nss-3.15.2.ebuild, + -nss-3.15.3.ebuild, -nss-3.15.3.1.ebuild, + -files/nss-3.12.6-gentoo-fixup-warnings.patch, + -files/nss-3.14.1-gentoo-fixups-r1.patch, -files/nss-3.14.2-x32.patch, + -files/nss-3.14.3_sync_with_upstream_softokn_changes.patch, + -files/nss-3.15.1-fipstest-warnings.patch: + Removed old... +

CVE-2013-1740 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1740): The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

GLSA vote: no.

GLSA vote: no. Closing as [noglsa]