Alexander Reichle-Schmehl uploaded new packages for nss which fixed the
following security problems:

        NSS recognizes a wildcard IP address in the subject's Common
        Name field of an X.509 certificate, which might allow
        man-in-the-middle attackers to spoof arbitrary SSL servers via
        a crafted certificate issued by a legitimate Certification

        NSS does not properly set the minimum key length for
        Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
        remote attackers to defeat cryptographic protection mechanisms
        via a brute-force attack.

For the lenny-backports distribution the problems have been fixed in
version 3.12.8-1~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <>

We recommend to pin (in /etc/apt/preferences) the backports repository
to 200 so that new versions of installed  backports will be installed

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200