summaryrefslogtreecommitdiffstats
path: root/wiki/src/news/version_1.1.2.mdwn
diff options
context:
space:
mode:
authorTails developers <amnesia@boum.org>2014-09-25 14:33:32 +0200
committerTails developers <amnesia@boum.org>2014-09-25 14:33:32 +0200
commitaa3f05f1364709b55fab995b5aa48c0962558430 (patch)
tree4e709f5aac6fd58154f034f3a564a72bd3930299 /wiki/src/news/version_1.1.2.mdwn
parent1903faf23f0ec0d64176d3e67469288e81eaa9c7 (diff)
Explain why we did 1.1.2
Diffstat (limited to 'wiki/src/news/version_1.1.2.mdwn')
-rw-r--r--wiki/src/news/version_1.1.2.mdwn11
1 files changed, 11 insertions, 0 deletions
diff --git a/wiki/src/news/version_1.1.2.mdwn b/wiki/src/news/version_1.1.2.mdwn
index 246869c..05c672d 100644
--- a/wiki/src/news/version_1.1.2.mdwn
+++ b/wiki/src/news/version_1.1.2.mdwn
@@ -8,6 +8,17 @@ This release fixes [[numerous security
issues|security/Numerous_security_holes_in_1.1.1]] and all users must
[[upgrade|doc/first_steps/upgrade]] as soon as possible.
+We prepared this release mainly to fix a [[serious
+flaw|https://blog.mozilla.org/security/2014/09/24/rsa-signature-forgery-in-nss/]]
+in the Network Security Services (NSS) library used by Firefox and other
+products allows attackers to create forged RSA certificates.
+
+Before this release, users on a compromised network could be directed to sites
+using a fraudulent certificate and mistake them for legitimate sites. This could
+deceive them into revealing personal information such as usernames and
+passwords. It may also deceive users into downloading malware if they believe
+it’s coming from a trusted site.
+
[[!toc levels=1]]
# Changes