← Back to team overview

ubuntu-389-directory-server team mailing list archive

  1. ubuntu-389-directory-server team
  2. Mailing list archive
  3. Message #00195

[Bug 1284841] [NEW] Sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable (main)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Please sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable
(main)

Explanation of the Ubuntu delta and why it can be dropped:
  * Merge from unreleased debian git.
    - CVE fixes
  * Fake sync due to mismatching orig tarball.
Fixed in debian, debian also has 2 CVE fixes

Changelog entries since current trusty version 1.0.8-3ubuntu1:

libapache2-mod-nss (1.0.8-4) unstable; urgency=medium

  * mod_nss-clientauth.patch:
    - Fix CVE-2011-4973: FakeBasicAuth authentication bypass.
      (Closes: #729626)
  * mod_nss-nssverifyclient.patch:
    - Fix CVE-2013-4566: incorrect handling of NSSVerifyClient in
      directory context. (Closes: #731627)
  * control: Bump policy to 3.9.5, no changes.

 -- Timo Aaltonen <tjaalton@xxxxxxxxxx>  Mon, 03 Feb 2014 11:23:58 +0200

** Affects: libapache2-mod-nss (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: libapache2-mod-nss (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
389 Directory Server, which is subscribed to libapache2-mod-nss in
Ubuntu.
https://bugs.launchpad.net/bugs/1284841

Title:
  Sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable (main)

Status in “libapache2-mod-nss” package in Ubuntu:
  New

Bug description:
  Please sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable
  (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * Merge from unreleased debian git.
      - CVE fixes
    * Fake sync due to mismatching orig tarball.
  Fixed in debian, debian also has 2 CVE fixes

  Changelog entries since current trusty version 1.0.8-3ubuntu1:

  libapache2-mod-nss (1.0.8-4) unstable; urgency=medium

    * mod_nss-clientauth.patch:
      - Fix CVE-2011-4973: FakeBasicAuth authentication bypass.
        (Closes: #729626)
    * mod_nss-nssverifyclient.patch:
      - Fix CVE-2013-4566: incorrect handling of NSSVerifyClient in
        directory context. (Closes: #731627)
    * control: Bump policy to 3.9.5, no changes.

   -- Timo Aaltonen <tjaalton@xxxxxxxxxx>  Mon, 03 Feb 2014 11:23:58
  +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-nss/+bug/1284841/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next