Back to bug 1012656
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kai Engert (:kaie) (inactive account) | 2013-09-26 20:49:59 UTC | Summary | pick up NSS fix CVE-2013-1739 (moderate) | pick up NSS 3.15.2 to fix CVE-2013-1739 (moderate) |
| Kai Engert (:kaie) (inactive account) | 2013-09-26 20:58:11 UTC | Depends On | 1012678 | |
| Kai Engert (:kaie) (inactive account) | 2013-09-26 20:58:13 UTC | Depends On | 1012679 | |
| Hubert Kario | 2013-09-27 09:25:46 UTC | CC | hkario | |
| Kai Engert (:kaie) (inactive account) | 2013-10-21 16:10:50 UTC | See Also | https://bugzilla.redhat.com/show_bug.cgi?id=1012655 | |
| Kai Engert (:kaie) (inactive account) | 2013-10-21 16:16:03 UTC | Summary | pick up NSS 3.15.2 to fix CVE-2013-1739 (moderate) | pick up NSS 3.15.2 to (a) fix CVE-2013-1739 (moderate) and (b) to disable MD5 in OCSP/CRL |
| Elio Maldonado Batiz | 2013-10-22 00:14:49 UTC | Status | NEW | MODIFIED |
| Fixed In Version | nss-3.15.2-1.el7 | |||
| errata-xmlrpc | 2013-10-28 06:51:05 UTC | Status | MODIFIED | ON_QA |
| Hubert Kario | 2013-11-08 11:57:17 UTC | QA Contact | qe-baseos-security | hkario |
| Douglas Silas | 2013-11-11 18:56:03 UTC | Flags | needinfo?(emaldona) | |
| Elio Maldonado Batiz | 2013-11-13 19:47:53 UTC | Keywords | Rebase | |
| Flags | needinfo?(emaldona) | |||
| Red Hat Bugzilla | 2013-11-13 19:47:53 UTC | Doc Type | Bug Fix | Rebase: Bug Fixes and Enhancements |
| Elio Maldonado Batiz | 2013-11-13 20:00:06 UTC | Doc Text | Rebase package(s) to version: nss-3.15.2 Highlights, important fixes, or notable enhancements: A security-relevant bug has been resolved in NSS 3.15.2. (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure. Upstream URL: https://bugzilla.mozilla.org/show_bug.cgi?id=894370 AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 |
|
| Elio Maldonado Batiz | 2013-11-13 20:01:27 UTC | Doc Text | Rebase package(s) to version: nss-3.15.2 Highlights, important fixes, or notable enhancements: A security-relevant bug has been resolved in NSS 3.15.2. (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure. Upstream URL: https://bugzilla.mozilla.org/show_bug.cgi?id=894370 AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 | Rebase package(s) to version: nss-3.15.2 Highlights, important fixes, or notable enhancements: A security-relevant bug has been resolved in NSS 3.15.2. (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure. Upstream URL: https://bugzilla.mozilla.org/show_bug.cgi?id=894370 MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures. AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 |
| Karel Srot | 2013-12-16 08:44:20 UTC | Priority | unspecified | medium |
| Severity | unspecified | medium | ||
| Karel Srot | 2014-04-15 09:58:07 UTC | Status | ON_QA | MODIFIED |
| Libor Miksik | 2015-04-17 09:44:58 UTC | CC | lmiksik | |
| Elio Maldonado Batiz | 2015-04-17 13:57:23 UTC | Status | MODIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2015-04-17 09:57:23 UTC |
Back to bug 1012656