intrigeri uploaded new packages for nss which fixed the
following security problems:
CVE-2013-1739 (DSA-2790-1)
A flaw was found in the way the Mozilla Network Security Service library (nss)
read uninitialized data when there was a decryption failure. A remote attacker
could use this flaw to cause a denial of service (application crash) for
applications linked with the nss library.
CVE-2013-5605 (DSA-2800-1)
Andrew Tinits reported a potentially exploitable buffer overflow in the
Mozilla Network Security Service library (nss). With a specially crafted
request a remote attacker could cause a denial of service or possibly execute
arbitrary code.
For the squeeze-backports distribution the problems have been fixed in
version 2:3.14.5-1~bpo60+1.
For the oldstable distribution (squeeze), the problems have been fixed in
version 3.12.8-1+squeeze7.
For the stable distribution (wheezy), the problems have been fixed in version
2:3.14.5-1.
For the testing (jessie) and unstable (sid) distributions, the problems have
been fixed in version 2:3.15.3-1.