Alexander Reichle-Schmehl uploaded new packages for nss which fixed the
following security problems:

CVE-2010-3170
        NSS recognizes a wildcard IP address in the subject's Common
        Name field of an X.509 certificate, which might allow
        man-in-the-middle attackers to spoof arbitrary SSL servers via
        a crafted certificate issued by a legitimate Certification
        Authority.

CVE-2010-3173
        NSS does not properly set the minimum key length for
        Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
        remote attackers to defeat cryptographic protection mechanisms
        via a brute-force attack.

For the lenny-backports distribution the problems have been fixed in
version 3.12.8-1~bpo50+1.
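
The name check that CVE-2010-3170 concerns, as an added example (not NSS code and not part of the original advisory): a matcher that compares IP addresses exactly and never expands a wildcard against them. The function names, the one-label wildcard policy and the sample names in the comments are assumptions made for illustration.

```python
import ipaddress


def is_ip_literal(name: str) -> bool:
    """Return True if name parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def cn_matches_host(pattern: str, host: str) -> bool:
    """Match a certificate name pattern against the host the client requested.

    Assumed policy for this example: a wildcard is accepted only as the whole
    leftmost label of a DNS name, it covers exactly one label, and at least
    two literal labels must follow it.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")

    if is_ip_literal(host):
        # IP addresses are compared by value. A pattern such as "*.0.2.10"
        # (constructed sample) is not an address, so it can never match one.
        return is_ip_literal(pattern) and (
            ipaddress.ip_address(pattern) == ipaddress.ip_address(host)
        )

    if "*" not in pattern:
        return pattern == host

    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]) or len(p_labels) < 3:
        return False
    return (
        len(h_labels) == len(p_labels)
        and h_labels[0] != ""
        and h_labels[1:] == p_labels[1:]
    )
```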


Upgrade instructions
--------------------

If you don't use pinning (see [1]), you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>", where
<packagelist> is the list of your installed packages affected by this
update.
[1] <http://backports.debian.org/Instructions>

We recommend pinning the backports repository to 200 (in
/etc/apt/preferences) so that new versions of installed backports are
installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200
