[Secure-testing-commits] r27879 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jul 22 19:28:14 UTC 2014
Author: carnil
Date: 2014-07-22 19:28:14 +0000 (Tue, 22 Jul 2014)
New Revision: 27879
Modified:
data/CVE/list
Log:
Add CVE-2014-1544/{nss,iceweasel,icedove}
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-22 19:21:48 UTC (rev 27878)
+++ data/CVE/list 2014-07-22 19:28:14 UTC (rev 27879)
@@ -8782,8 +8782,15 @@
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: Only the Wheezy builds use the bundled nspr
-CVE-2014-1544
+CVE-2014-1544 [Race-condition in certificate verification can lead to Remote code execution]
RESERVED
+ - nss <unfixed>
+ - iceweasel <unfixed>
+ [squeeze] - iceweasel <end-of-life>
+ - icedove <unfixed>
+ [squeeze] - icedove <end-of-life>
+ NOTE: patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
+ NOTE: http://www.mozilla.org/security/announce/2013/mfsa2014-63.html
CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads ...)
- iceweasel <not-affected> (Only affects Windows 8)
- icedove <not-affected> (Only affects Windows 8)
More information about the Secure-testing-commits
mailing list