[Bug 1258286] Re: CAcert should not be trusted by default
Launchpad Bug Tracker
1258286 at bugs.launchpad.net
Wed Apr 2 17:19:26 UTC 2014
This bug was fixed in the package nss - 3.15.4-0ubuntu0.12.04.2
---------------
nss (3.15.4-0ubuntu0.12.04.2) precise-security; urgency=medium
* SECURITY UPDATE: incorrect IDNA wildcard handling
- debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
nss/lib/certdb/certdb.c.
- CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
- removed debian/patches/95_add_spi+cacert_ca_certs.patch
- added debian/patches/95_add_spi_certs.patch
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Wed, 02 Apr 2014 10:22:10 -0400
** Changed in: nss (Ubuntu Precise)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1492
** Changed in: nss (Ubuntu Quantal)
Status: New => Fix Released
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1258286
Title:
CAcert should not be trusted by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1258286/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list