Debian Security Advisory
DSA-2339-1 nss -- several vulnerabilities
- Date Reported:
- 07 Nov 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 647614.
In Mitre's CVE dictionary: CVE-2011-3640.
- More information:
This update to the NSS cryptographic libraries revokes the trust in the
DigiCert Sdn. Bhdcertificate authority. More information can be found in the Mozilla Security Blog.
This update also fixes an insecure load path for pkcs11.txt configuration file (CVE-2011-3640).
For the oldstable distribution (lenny), this problem has been fixed in version 220.127.116.11-0lenny7.
For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze4.
For the unstable distribution (sid), this problem has been fixed in version 3.13.1.with.ckbi.1.88-1.
We recommend that you upgrade your nss packages.