VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details

Reviewed by: des@
author: rea <rea@FreeBSD.org> 2014-09-25 21:29:38 +0800
committer: rea <rea@FreeBSD.org> 2014-09-25 21:29:38 +0800
commit: 44e1263e8a283cbd262023f0dceeb22aa2bb884f (patch)
tree: 0039674e129cb3a081f897b6a360ca98ecf53854
parent: 4318f78fca43d00523a8e7d74d11420aee52b9eb (diff)
download: freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.tar.gz
freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.tar.zst
freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b85e73ce8395..d8028dfcd331 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -122,8 +122,12 @@ Notes:
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>The Mozilla Project reports:</p>
-	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
-	  <p>MFSA 2014-73 RSA Signature Forgery in NSS</p>
+	<blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html">
+	  <p>Antoine Delignat-Lavaud discovered that NSS is vulnerable
+	  to a variant of a signature forgery attack previously
+	  published by Daniel Bleichenbacher.  This is due to lenient
+	  parsing of ASN.1 values involved in a signature and could
+	  lead to the forging of RSA certificates.</p>
 	</blockquote>
       </body>
     </description>
author	rea <rea@FreeBSD.org>	2014-09-25 21:29:38 +0800
committer	rea <rea@FreeBSD.org>	2014-09-25 21:29:38 +0800
commit	44e1263e8a283cbd262023f0dceeb22aa2bb884f (patch)
tree	0039674e129cb3a081f897b6a360ca98ecf53854
parent	4318f78fca43d00523a8e7d74d11420aee52b9eb (diff)
download	freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.tar.gz freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.tar.zst freebsd-ports-gnome-44e1263e8a283cbd262023f0dceeb22aa2bb884f.zip