Debian Bug report logs -
#735105
CVE-2013-1741 and CVE-2013-5606 in wheezy
Reported by: Arne Wichmann <aw@linux.de>
Date: Sun, 12 Jan 2014 18:57:01 UTC
Severity: important
Tags: security, squeeze, wheezy
Found in version nss/2:3.14.5-1
Fixed in versions 3.12.8-1+squeeze8, nss/2:3.14.5-1+deb7u1
Done: Laurent Bigonville <bigon@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#735105; Package libnss3.
(Sun, 12 Jan 2014 18:57:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@linux.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>.
(Sun, 12 Jan 2014 18:57:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libnss3
Version: 2:3.14.5-1
Severity: important
Tags: security, wheezy, squeeze
Hi!
You recently fixed CVE-2013-1741 in unstable, but it is still open for wheezy
and squeeze.
cu
AW
-- System Information:
Debian Release: 7.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages libnss3 depends on:
ii libc6 2.13-38
ii libnspr4 2:4.9.2-1+deb7u1
ii libnspr4-0d 2:4.9.2-1+deb7u1
ii libsqlite3-0 3.7.13-1+deb7u1
ii multiarch-support 2.13-38
ii zlib1g 1:1.2.7.dfsg-13
libnss3 recommends no packages.
libnss3 suggests no packages.
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#735105; Package libnss3.
(Sun, 12 Jan 2014 20:21:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@anhrefn.saar.de>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>.
(Sun, 12 Jan 2014 20:21:11 GMT) (full text, mbox, link).
Message #10 received at 735105@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
control: retitle 735105 CVE-2013-1741 and CVE-2013-5606 in wheezy
Hi.
The same applies to CVE-2013-5606. (Oops, I sent too fast.)
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
[signature.asc (application/pgp-signature, inline)]
Changed Bug title to 'CVE-2013-1741 and CVE-2013-5606 in wheezy' from 'libnss3: CVE-2013-1741 in wheezy'
Request was from Arne Wichmann <aw@anhrefn.saar.de>
to 735105-submit@bugs.debian.org.
(Sun, 12 Jan 2014 20:21:11 GMT) (full text, mbox, link).
Marked as fixed in versions nss/2:3.14.5-1+deb7u1.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Tue, 19 Apr 2016 15:06:04 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Tue, 19 Apr 2016 15:06:04 GMT) (full text, mbox, link).
Notification sent
to Arne Wichmann <aw@linux.de>:
Bug acknowledged by developer.
(Tue, 19 Apr 2016 15:06:05 GMT) (full text, mbox, link).
Marked as fixed in versions 3.12.8-1+squeeze8.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Tue, 19 Apr 2016 15:06:06 GMT) (full text, mbox, link).
Message sent on
to Arne Wichmann <aw@linux.de>:
Bug#735105.
(Tue, 19 Apr 2016 15:06:08 GMT) (full text, mbox, link).
Message #23 received at 735105-submitter@bugs.debian.org (full text, mbox, reply):
close 735105 2:3.14.5-1+deb7u1
fixed 735105 3.12.8-1+squeeze8
thanks
Hi,
Looking at the security tracker, these to CVE have been fixed in both wheezy and squeeze
https://security-tracker.debian.org/tracker/CVE-2013-5606
https://security-tracker.debian.org/tracker/CVE-2013-1741
https://lists.debian.org/debian-security-announce/2014/msg00176.html
I'm closing this bug
Cheers,
Laurent Bigonville
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 18 May 2016 07:25:43 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:23:31 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon