Package : nss Version : 3.12.8-1+squeeze11 CVE ID : CVE-2011-3389 CVE-2014-1569 Debian Bug : 773625 nss 3.12.8-1+squeeze11 fixes two security issues: CVE-2011-3389 SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the middle attackers to obtain plaintext HTTP headers on an HTTPS session. This issue is known as the "BEAST" attack. CVE-2014-1569 Possible information leak with too-permissive ASN.1 DER decoding of length. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature