On Mon, Sep 05, 2011 at 10:15:22PM +0200, Thijs Kinkhorst wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2300-2 secur...@debian.org > http://www.debian.org/security/ Thijs Kinkhorst > September 5, 2011 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : nss > Vulnerability : comprimised certificate authority > Problem type : local(remote) > Debian-specific: no > CVE ID : not available > > Several unauthorised SSL certificates have been found in the wild issued > for the DigiNotar Certificate Authority, obtained through a security > compromise with said company. Debian, like other software > distributors, has as a precaution decided to disable the DigiNotar > Root CA by default in the NSS crypto libraries. > > As a result from further understanding of the incident, this update > to DSA 2300 disables additional DigiNotar issuing certificates. > > For the oldstable distribution (lenny), this problem has been fixed in > version 3.12.3.1-0lenny6. > > For the stable distribution (squeeze), this problem has been fixed in > version 3.12.8-1+squeeze3. > > For the unstable distribution (sid), this problem has been fixed in > version 3.12.11-2. > > We recommend that you upgrade your nss packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org
you appear to not be CVE(R) compliant. where is the CVE(R) id? i immediately request you get a CVE(R) id and repost this email!!! -- joro _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
