libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing

Related Vulnerabilities: CVE-2015-3277  

Debian Bug report logs - #795657


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 16 Aug 2015 06:09:06 UTC

Severity: important

Tags: security, upstream

Found in version libapache2-mod-nss/1.0.11-1

Fixed in version 1.0.14-1+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#795657; Package src:libapache2-mod-nss. (Sun, 16 Aug 2015 06:09:09 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Sun, 16 Aug 2015 06:09:09 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Date: Sun, 16 Aug 2015 08:05:18 +0200

Source: libapache2-mod-nss
Version: 1.0.11-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libapache2-mod-nss,
introduced with the update to 1.0.11.

CVE-2015-3277[0]:
incorrect multi-keyword mode cipherstring parsing

The vulnerable code was added in 1.0.11[1] afaict.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3277
[1] https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324

Could you please double-check this?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#795657; Package src:libapache2-mod-nss. (Sun, 04 Jun 2017 06:27:03 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Sun, 04 Jun 2017 06:27:03 GMT).


Message #10 received at 795657@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 795657@bugs.debian.org
Subject: Re: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Date: Sun, 4 Jun 2017 08:26:19 +0200

On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> Source: libapache2-mod-nss
> Version: 1.0.11-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for libapache2-mod-nss,
> introduced with the update to 1.0.11.
> 
> CVE-2015-3277[0]:
> incorrect multi-keyword mode cipherstring parsing
> 
> The vulnerable code was added in 1.0.11[1] afaict.

What's the status? This bug is 2.5 years old. Is this fixed in 1.0.14?

Cheers,
        Moritz


> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3277
> [1] https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324
> 
> Could you please double-check this?
> 
> Regards,
> Salvatore
> 



Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#795657; Package src:libapache2-mod-nss. (Sun, 04 Jun 2017 07:03:02 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Sun, 04 Jun 2017 07:03:02 GMT).


Message #15 received at 795657@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>, 795657@bugs.debian.org
Subject: Re: Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Date: Sun, 4 Jun 2017 09:02:15 +0200

Hi,

On Sun, Jun 04, 2017 at 08:26:19AM +0200, Moritz Mühlenhoff wrote:
> On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> > Source: libapache2-mod-nss
> > Version: 1.0.11-1
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > the following vulnerability was published for libapache2-mod-nss,
> > introduced with the update to 1.0.11.
> > 
> > CVE-2015-3277[0]:
> > incorrect multi-keyword mode cipherstring parsing
> > 
> > The vulnerable code was added in 1.0.11[1] afaict.
> 
> What's the status? This bug is 2.5 years old. Is this fixed in 1.0.14?

AFAICT, in ChangeLog up to 1.0.14 this seems still unresolved. The Red
Hat bug seems to indicate that as well (note I adjusted the introducing
commit reference in the security-tracker since the upstream git repo
moved to pagure.io apparently).

Salvatore



Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Thu, 07 Feb 2019 03:24:03 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 07 Feb 2019 03:24:03 GMT).


Message #20 received at 795657-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 795657-done@bugs.debian.org,899567-done@bugs.debian.org,
Cc: libapache2-mod-nss@packages.debian.org
Subject: Bug#915512: Removed package(s) from unstable
Date: Thu, 07 Feb 2019 03:20:54 +0000
Version: 1.0.14-1+rm

Dear submitter,

as the package libapache2-mod-nss has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/915512

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Mar 2019 07:31:59 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:06:15 2019; Machine Name: beach
