Bug 842979 (CVE-2013-1739) - VUL-0: CVE-2013-1739: mozilla-nss: 3.15.2 security fix
Summary: VUL-0: CVE-2013-1739: mozilla-nss: 3.15.2 security fix
Status: RESOLVED FIXED
Alias: CVE-2013-1739
Product: openSUSE 12.3
Classification: openSUSE
Component: Security (show other bugs)
Version: Final
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Wolfgang Rosenauer
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-28 08:22 UTC by Wolfgang Rosenauer
Modified: 2019-05-31 22:39 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Rosenauer 2013-09-28 08:22:40 UTC 
Mozilla NSS 3.15.2 was released with a CVE assigned security issue fixed:

Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2.
Users are encouraged to upgrade immediately.
* Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event
of a decryption failure.


Please let me know if an update is in order (out of band of the normal security updates for Mozilla stuff).
Next big Mozilla "patch day" is October 29, 2013
Comment 1 Marcus Meissner 2013-09-28 10:17:19 UTC 
we can just do it, it does not hurt.
Comment 2 Bernhard Wiedemann 2013-09-28 11:02:13 UTC 
This is an autogenerated message for OBS integration:
This bug (842979) was mentioned in
https://build.opensuse.org/request/show/201263 Factory / mozilla-nss
Comment 3 Bernhard Wiedemann 2013-09-28 11:02:22 UTC 
This is an autogenerated message for OBS integration:
This bug (842979) was mentioned in
https://build.opensuse.org/request/show/201262 Factory / mozilla-nss
Comment 4 Swamp Workflow Management 2013-09-28 22:00:09 UTC 
bugbot adjusting priority
Comment 5 Bernhard Wiedemann 2013-09-29 12:00:24 UTC 
This is an autogenerated message for OBS integration:
This bug (842979) was mentioned in
https://build.opensuse.org/request/show/201363 Evergreen:11.2:Test / mozilla-nss
Comment 6 Marcus Meissner 2013-10-10 15:49:21 UTC 
released.

for sle we will be doing a version update anyway soonish (tm) which will include this.
Comment 7 Swamp Workflow Management 2013-10-10 16:04:21 UTC 
openSUSE-SU-2013:1539-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 842979
CVE References: CVE-2013-1739
Sources used:
openSUSE 12.3 (src):    mozilla-nss-3.15.2-1.16.1
openSUSE 12.2 (src):    mozilla-nss-3.15.2-2.27.1
Comment 8 Swamp Workflow Management 2013-10-10 17:04:31 UTC 
openSUSE-SU-2013:1542-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 842979
CVE References: CVE-2013-1739
Sources used:
openSUSE 11.4 (src):    mozilla-nss-3.15.2-66.1
Comment 9 Bernhard Wiedemann 2013-11-10 00:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (842979) was mentioned in
https://build.opensuse.org/request/show/206413 Evergreen:11.2 / mozilla-nss