While native firefox/thunderbird/seamonkey ports use --with-system-nss it maybe still worth updating in order to fix bugs missed in other point releases as gecko@ team may not have any committers left. And there're still 3 weeks before firefox 33.0. $ svn export https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox32 $ cp -R firefox32/ /usr/ports/ <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55"> <topic>NSS -- RSA Signature Forgery</topic> <affects> <package> <name>linux-firefox</name> <range><lt>32.0.3,1</lt></range> </package> <package> <name>linux-thunderbird</name> <range><lt>31.1.2</lt></range> </package> <package> <name>linux-seamonkey</name> <range><lt>2.29.1</lt></range> </package> <package> <name>nss</name> <range><lt>3.17.1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-73 RSA Signature Forgery in NSS</p> </blockquote> </body> </description> <references> <cvename>CVE-2014-1568</cvename> <url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url> </references> <dates> <discovery>2014-09-23</discovery> <entry>2014-09-24</entry> </dates> </vuln>
Auto-assigned to maintainer gecko@FreeBSD.org
Baptiste, do you have time to land the update?
A commit references this bug: Author: des Date: Thu Sep 25 07:40:34 UTC 2014 New revision: 369218 URL: http://svnweb.freebsd.org/changeset/ports/369218 Log: Upgrade to 3.17.1 PR: 193906 MFH: 2014Q3 Security: CVE-2014-1568 Changes: head/security/nss/Makefile head/security/nss/distinfo
A commit references this bug: Author: des Date: Thu Sep 25 07:43:18 UTC 2014 New revision: 369219 URL: http://svnweb.freebsd.org/changeset/ports/369219 Log: Add entry for the NSS signature forgery bug. PR: 193906 MFH: 2014Q3 Security: CVE-2014-1568 Changes: head/security/vuxml/vuln.xml
Beat updated vulnerable linux-* ports. http://svnweb.freebsd.org/changeset/ports/369237