[Secure-testing-commits] r27879 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jul 22 19:28:14 UTC 2014


Author: carnil
Date: 2014-07-22 19:28:14 +0000 (Tue, 22 Jul 2014)
New Revision: 27879

Modified:
   data/CVE/list
Log:
Add CVE-2014-1544/{nss,iceweasel,icedove}

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-22 19:21:48 UTC (rev 27878)
+++ data/CVE/list	2014-07-22 19:28:14 UTC (rev 27879)
@@ -8782,8 +8782,15 @@
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
 	NOTE: Only the Wheezy builds use the bundled nspr
-CVE-2014-1544
+CVE-2014-1544 [Race-condition in certificate verification can lead to Remote code execution]
 	RESERVED
+	- nss <unfixed>
+	- iceweasel <unfixed>
+	[squeeze] - iceweasel <end-of-life>
+	- icedove <unfixed>
+	[squeeze] - icedove <end-of-life>
+	NOTE: patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
+	NOTE: http://www.mozilla.org/security/announce/2013/mfsa2014-63.html
 CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads ...)
 	- iceweasel <not-affected> (Only affects Windows 8)
 	- icedove <not-affected> (Only affects Windows 8)




More information about the Secure-testing-commits mailing list