[Secure-testing-commits] r29930 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2014-11-09 14:32:32 +0000 (Sun, 09 Nov 2014)
New Revision: 29930

Modified:
   data/CVE/list
Log:
two nss issues no-dsa for wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-09 13:55:47 UTC (rev 29929)
+++ data/CVE/list	2014-11-09 14:32:32 UTC (rev 29930)
@@ -17994,8 +17994,10 @@
 	- icedove 24.3.0-1
 	- nss 2:3.15.4-1
 	[squeeze] - nss <no-dsa> (Too complex to backport)
+	[wheezy] - nss <no-dsa> (complex to backport)
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
+	NOTE: session tickets must be enabled by the client (mainly browsers)
 CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to ...)
 	- iceweasel <not-affected> (Only affects Firefox 26)
 	- icedove <not-affected> (Only affects Firefox 26)
@@ -36339,6 +36341,8 @@
 CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla ...)
 	- nss 2:3.15.4-1
 	[squeeze] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
+	[wheezy] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
+	NOTE: false start must be enabled by the client (mainly browsers)
 CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...)
 	{DSA-2790-1}
 	- nss 2:3.15.2-1 (bug #726473)