Debian Security Advisory
DLA-154-1 nss -- LTS security update
- Date Reported:
- 16 Feb 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 773625.
In Mitre's CVE dictionary: CVE-2011-3389, CVE-2014-1569.
- More information:
nss 3.12.8-1+squeeze11 fixes two security issues:
SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the middle attackers to obtain plaintext HTTP headers on an HTTPS session. This issue is known as the
Possible information leak with too-permissive ASN.1 DER decoding of length.
For Debian 6
Squeeze, these issues have been fixed in nss version 3.12.8-1+squeeze11