Information on source package nss

Available versions

ReleaseVersion
squeeze (security)3.12.8-1+squeeze7
squeeze (lts)3.12.8-1+squeeze11
wheezy2:3.14.5-1+deb7u3
wheezy (security)2:3.14.5-1+deb7u4
jessie2:3.17.2-1.1
stretch2:3.19.2-1
sid2:3.19.2-1

Open issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2015-4000vulnerablevulnerablevulnerablevulnerablevulnerableThe TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...
CVE-2015-2730vulnerablevulnerablevulnerablefixedfixed
CVE-2015-2721vulnerablevulnerablevulnerablefixedfixed
CVE-2014-3566vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...
CVE-2014-1490vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedRace condition in libssl in Mozilla Network Security Services (NSS) ...
CVE-2013-1740vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla ...
CVE-2013-1620vulnerable (no DSA)fixedfixedfixedfixedThe TLS implementation in Mozilla Network Security Services (NSS) does ...
CVE-2013-0169vulnerable (no DSA)fixedfixedfixedfixedThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...

Open unimportant issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2013-0791vulnerablefixedfixedfixedfixedThe CERT_DecodeCertPackage function in Mozilla Network Security ...

Resolved issues

BugDescription
CVE-2014-1569The definite_length_decoder function in lib/util/quickder.c in Mozilla ...
CVE-2014-1568Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...
CVE-2014-1544Use-after-free vulnerability in the CERT_DestroyCertificate function ...
CVE-2014-1492The cert_TestHostName function in lib/certdb/certdb.c in the ...
CVE-2014-1491Mozilla Network Security Services (NSS) before 3.15.4, as used in ...
CVE-2013-5606The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...
CVE-2013-5605Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...
CVE-2013-1741Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...
CVE-2013-1739Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...
CVE-2012-0441The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...
CVE-2011-3640** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...
CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...
CVE-2010-3173The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...
CVE-2010-3170Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...
CVE-2009-2409The Network Security Services (NSS) library before 3.12.3, as used in ...
CVE-2009-2408Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...
CVE-2009-2404Heap-based buffer overflow in a regular-expression parser in Mozilla ...

Security announcements

DSA / DLADescription
DSA-3186-1nss - security update
DLA-154-1nss - security update
DLA-89-1nss - security update
DSA-3071-1nss - security update
DSA-3033-1nss - security update
DLA-62-1nss - security update
DSA-2994-1nss - security update
DLA-23-1nss - security update
DSA-2800-1nss - buffer overflow
DSA-2800-1nss - buffer overflow
DSA-2790-1nss - uninitialized memory read
DSA-2599-1nss - mis-issued intermediates
DSA-2490-1nss - denial of service
DSA-2339-1nss - several
DSA-2339-1nss - several
DSA-2300-2nss - compromised certificate authority
DSA-2300-2nss - compromised certificate authority
DSA-2300-1nss - compromised certificate authority
DSA-2300-1nss - compromised certificate authority
DSA-2141-2nss - protocol design flaw
DSA-2123-1nss - cryptographic weaknesses
DSA-1874-1nss - several vulnerabilities

Search for package or bug name: Reporting problems