Change log for nss package in Ubuntu

175 of 208 results
Published in trusty-updates on 2019-02-27
Published in trusty-security on 2019-02-27
nss (2:3.28.4-0ubuntu0.14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

 -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 14:41:32 +0100
Published in bionic-updates on 2019-02-27
Published in bionic-security on 2019-02-27
nss (2:3.35-2ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

 -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 13:38:25 +0100
Published in xenial-updates on 2019-02-27
Published in xenial-security on 2019-02-27
nss (2:3.28.4-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

 -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 13:39:44 +0100
Published in cosmic-updates on 2019-02-27
Published in cosmic-security on 2019-02-27
nss (2:3.36.1-1ubuntu1.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

 -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 13:37:53 +0100
Published in eoan-release on 2019-04-18
Published in disco-release on 2019-02-20
Deleted in disco-proposed (Reason: moved to release)
nss (2:3.42-1ubuntu2) disco; urgency=medium

  * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
    - debian/patches/CVE-2018-18508-1.patch: add null checks in
      nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
      nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
      nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
    - debian/patches/CVE-2018-18508-2.patch: add null checks in
      nss/lib/smime/cmsmessage.c.
    - CVE-2018-18508

 -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 12:04:49 +0100
Superseded in disco-release on 2019-02-20
Deleted in disco-proposed on 2019-02-21 (Reason: moved to release)
nss (2:3.42-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1813593). Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP 1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)

Available diffs

Superseded in trusty-updates on 2019-02-27
Superseded in trusty-security on 2019-02-27
nss (2:3.28.4-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

 -- Marc Deslauriers <email address hidden>  Fri, 14 Dec 2018 10:33:50 -0500
Superseded in xenial-updates on 2019-02-27
Superseded in xenial-security on 2019-02-27
nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

 -- Marc Deslauriers <email address hidden>  Fri, 14 Dec 2018 09:59:33 -0500
Superseded in bionic-updates on 2019-02-27
Superseded in bionic-security on 2019-02-27
nss (2:3.35-2ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-2.patch: improve padding checks in
      RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
      nss/lib/freebl/rsapkcs.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

 -- Marc Deslauriers <email address hidden>  Wed, 12 Dec 2018 14:51:11 -0500
Superseded in cosmic-updates on 2019-02-27
Superseded in cosmic-security on 2019-02-27
nss (2:3.36.1-1ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-2.patch: improve padding checks in
      RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
      nss/lib/freebl/rsapkcs.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404
  * debian/patches/stringop_truncation.patch: fix FTBFS.

 -- Marc Deslauriers <email address hidden>  Wed, 12 Dec 2018 14:44:32 -0500
Superseded in disco-release on 2019-02-05
Deleted in disco-proposed on 2019-02-06 (Reason: moved to release)
nss (2:3.39-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable. Remaining changes (LP: #1803707):
    - d/libnss3.links: make freebl3 available as library (LP 1744328)
      - d/control: add dh-exec to Build-Depends
      - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
  * Dropped changes:
    - d/rules: when building with -O3 on ppc64el this FTBFS, build with
      -Wno-error=maybe-uninitialized to avoid that

Superseded in disco-release on 2018-11-29
Published in cosmic-release on 2018-05-12
Deleted in cosmic-proposed (Reason: moved to release)
nss (2:3.36.1-1ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP 1744328)
      - d/control: add dh-exec to Build-Depends
      - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - d/rules: when building with -O3 on ppc64el this FTBFS, build with
      -Wno-error=maybe-uninitialized to avoid that
  * Dropped changes:
    - revert switching to SQL default format (LP: 1746947) Dropping this
      adresses (LP: #1747411) and effectively means we now switch to the new
      default format after we ensured all depending packages are ready.
  * Added changes:
    - d/rules: extended the FTBFS to -O3 on ppc64el to only apply on ppc64el

Superseded in cosmic-release on 2018-05-12
Published in bionic-release on 2018-02-05
Deleted in bionic-proposed (Reason: moved to release)
nss (2:3.35-2ubuntu2) bionic; urgency=medium

  * d/p/lp1746947-revert-switch-default-to-sql.patch: the switch of the
    default is still causing too much issues in consumers of nss.
    So until resolved revert the switched default (LP: #1746947)

Superseded in bionic-proposed on 2018-02-05
nss (2:3.35-2ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - When building with -O3, build with -Wno-error=maybe-uninitialized.
  * Added Changes:
    - d/libnss3.links: make freebl3 available as library (LP: #1744328)
      + d/control: add dh-exec to Build-Depends
      + d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)

 -- Christian Ehrhardt <email address hidden>  Tue, 30 Jan 2018 14:04:20 +0100

Available diffs

Superseded in bionic-release on 2018-02-05
Deleted in bionic-proposed on 2018-02-07 (Reason: moved to release)
nss (2:3.34-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - When building with -O3, build with -Wno-error=maybe-uninitialized.

Superseded in bionic-proposed on 2017-12-14
nss (2:3.34-1) unstable; urgency=medium

  * New upstream release:
    - Really build without -maes on i386. Closes: #875694.
  * debian/libnss3.symbols: Add NSS_3_34 symbol version.

 -- Mike Hommey <email address hidden>  Sat, 18 Nov 2017 14:58:01 +0900
Superseded in bionic-release on 2018-01-29
Published in artful-release on 2017-10-02
Deleted in artful-proposed (Reason: moved to release)
nss (2:3.32-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805

 -- Marc Deslauriers <email address hidden>  Fri, 29 Sep 2017 12:17:39 -0400
Superseded in trusty-updates on 2019-01-09
Superseded in trusty-security on 2019-01-09
nss (2:3.28.4-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805

 -- Marc Deslauriers <email address hidden>  Fri, 29 Sep 2017 08:54:40 -0400
Superseded in xenial-updates on 2019-01-09
Superseded in xenial-security on 2019-01-09
nss (2:3.28.4-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805

 -- Marc Deslauriers <email address hidden>  Fri, 29 Sep 2017 08:54:11 -0400
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
nss (2:3.28.4-0ubuntu0.17.04.3) zesty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805

 -- Marc Deslauriers <email address hidden>  Fri, 29 Sep 2017 08:51:29 -0400
Superseded in artful-release on 2017-10-02
Deleted in artful-proposed on 2017-10-03 (Reason: moved to release)
nss (2:3.32-1ubuntu2) artful; urgency=medium

  * Initialise curve variable in a test file, resolves FTBFS.

 -- Dimitri John Ledkov <email address hidden>  Thu, 24 Aug 2017 07:21:27 -0400
Superseded in artful-proposed on 2017-08-24
nss (2:3.32-1ubuntu1) artful; urgency=medium

  * Merge with Debian; remaining changes:
    - When building with -O3, build with -Wno-error=maybe-uninitialized.

Superseded in xenial-updates on 2017-10-02
Superseded in xenial-security on 2017-10-02
nss (2:3.28.4-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 08:13:46 -0400
Superseded in artful-release on 2017-08-24
Deleted in artful-proposed on 2017-08-25 (Reason: moved to release)
nss (2:3.28.4-0ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 08:12:38 -0400
Superseded in trusty-updates on 2017-10-02
Superseded in trusty-security on 2017-10-02
nss (2:3.28.4-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 08:14:11 -0400
Superseded in zesty-updates on 2017-10-02
Superseded in zesty-security on 2017-10-02
nss (2:3.28.4-0ubuntu0.17.04.2) zesty-security; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 08:01:55 -0400
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
nss (2:3.28.4-0ubuntu0.16.10.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden>  Fri, 16 Jun 2017 08:13:22 -0400
Superseded in artful-release on 2017-06-19
Deleted in artful-proposed on 2017-06-20 (Reason: moved to release)
nss (2:3.28.4-0ubuntu1) artful; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden>  Thu, 27 Apr 2017 13:13:44 -0400
Superseded in trusty-updates on 2017-06-21
Superseded in trusty-security on 2017-06-21
nss (2:3.28.4-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/99_jarfile_ftbfs.patch: removed, upstream.
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden>  Wed, 26 Apr 2017 10:25:43 -0400
Superseded in xenial-updates on 2017-06-21
Superseded in xenial-security on 2017-06-21
nss (2:3.28.4-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden>  Wed, 26 Apr 2017 10:25:43 -0400
Superseded in zesty-updates on 2017-06-21
Superseded in zesty-security on 2017-06-21
nss (2:3.28.4-0ubuntu0.17.04.1) zesty-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden>  Wed, 26 Apr 2017 10:25:43 -0400
Superseded in yakkety-updates on 2017-06-21
Superseded in yakkety-security on 2017-06-21
nss (2:3.28.4-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden>  Wed, 26 Apr 2017 10:25:43 -0400
Superseded in trusty-updates on 2017-04-27
Superseded in trusty-security on 2017-04-27
nss (2:3.26.2-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: When building with -O3, build with -Wno-error=maybe-
    uninitialized to fix FTBFS on ppc64el.
  * debian/patches/99_jarfile_ftbfs.patch: fix FTBFS on powerpc.

 -- Marc Deslauriers <email address hidden>  Mon, 05 Dec 2016 07:19:11 -0500
Superseded in xenial-updates on 2017-04-27
Superseded in xenial-security on 2017-04-27
nss (2:3.26.2-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: When building with -O3, build with -Wno-error=maybe-
    uninitialized to fix FTBFS on ppc64el and powerpc.

 -- Marc Deslauriers <email address hidden>  Mon, 05 Dec 2016 07:17:18 -0500
Published in precise-updates on 2017-01-04
Published in precise-security on 2017-01-04
nss (2:3.26.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: disable tests that fail to build with old GCC.
  * debian/patches/disable_chacha_test.patch: removed, no longer required.

 -- Marc Deslauriers <email address hidden>  Fri, 02 Dec 2016 13:27:18 -0500
Superseded in yakkety-updates on 2017-04-27
Superseded in yakkety-security on 2017-04-27
nss (2:3.26.2-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * Updated to upstream 3.26.2 to fix a security issue.
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/libnss3.symbols: add SSL_GetCipherSuiteInfo and
    SSL_GetChannelInfo as they are not backwards compatible.

 -- Marc Deslauriers <email address hidden>  Fri, 02 Dec 2016 09:05:09 -0500
Superseded in artful-release on 2017-04-27
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
nss (2:3.26.2-1ubuntu1) zesty; urgency=medium

  * Merge with Debian; remaining changes:
    - When building with -O3, build with -Wno-error=maybe-uninitialized.

Superseded in zesty-release on 2017-02-17
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
nss (2:3.26-1ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - When building with -O3, build with -Wno-error=maybe-uninitialized.

Superseded in yakkety-proposed on 2016-09-06
nss (2:3.26-1) unstable; urgency=medium

  * New upstream release.
  * debian/watch: Update such that uscan --download-version works.
  * debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the
    libnss3-1d* transitional packages.
  * debian/rules:
    - Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292.
    - Override KERNEL when cross building for a different OS. Closes: #810579.
  * debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido G√ľnther.
    Closes: #806634.

 -- Mike Hommey <email address hidden>  Tue, 16 Aug 2016 16:33:15 +0900
Superseded in yakkety-release on 2016-09-13
Deleted in yakkety-proposed on 2016-10-01 (Reason: moved to release)
nss (2:3.25-1ubuntu1) yakkety; urgency=medium

  * When building with -O3, build with -Wno-error=maybe-uninitialized.

 -- Matthias Klose <email address hidden>  Thu, 04 Aug 2016 11:36:54 +0200
Superseded in yakkety-proposed on 2016-08-04
nss (2:3.25-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols, debian/rules: Add the new libfreeblpriv3 library.
  * debian/libnss3.symbols: Add NSS_3.24 and NSSUTIL_3.24 symbol versions.

 -- Mike Hommey <email address hidden>  Wed, 03 Aug 2016 10:23:13 +0900

Available diffs

Superseded in precise-updates on 2017-01-04
Superseded in precise-security on 2017-01-04
nss (2:3.23-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/disable_chacha_test.patch: disable test incompatible
    with precise's old gcc.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jul 2016 14:46:46 -0400
Superseded in trusty-updates on 2017-01-04
Superseded in trusty-security on 2017-01-04
nss (2:3.23-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 2:4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/ftbfs_ppc64el.patch: dropped, no longer needed.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jul 2016 14:09:52 -0400
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
nss (2:3.23-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 2:4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/ftbfs_ppc64el.patch: dropped, no longer needed.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jul 2016 13:14:23 -0400
Superseded in xenial-updates on 2017-01-04
Superseded in xenial-security on 2017-01-04
nss (2:3.23-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 2:4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/ftbfs_ppc64el.patch: dropped, no longer needed.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jul 2016 12:44:16 -0400
Superseded in yakkety-release on 2016-08-06
Deleted in yakkety-proposed on 2016-08-07 (Reason: moved to release)
nss (2:3.23-2) unstable; urgency=medium

  * debian/control, debian/rules: Leave it to dh_makeshlibs to do the right
    thing wrt ldconfig. This requires debhelper 9.20160403. Closes: #811124.

 -- Mike Hommey <email address hidden>  Sun, 03 Apr 2016 18:29:02 +0900
Superseded in yakkety-release on 2016-07-08
Published in xenial-release on 2016-03-10
Deleted in xenial-proposed (Reason: moved to release)
nss (2:3.21-1ubuntu4) xenial; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden>  Wed, 09 Mar 2016 07:35:32 -0500
Superseded in trusty-updates on 2016-07-11
Superseded in trusty-security on 2016-07-11
nss (2:3.21-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden>  Wed, 09 Mar 2016 07:38:11 -0500
Superseded in wily-updates on 2016-07-11
Superseded in wily-security on 2016-07-11
nss (2:3.21-0ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden>  Wed, 09 Mar 2016 07:37:48 -0500
Superseded in precise-updates on 2016-07-11
Superseded in precise-security on 2016-07-11
nss (2:3.21-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden>  Wed, 09 Mar 2016 07:38:47 -0500
Superseded in precise-updates on 2016-03-09
Superseded in precise-security on 2016-03-09
nss (2:3.21-0ubuntu0.12.04.2) precise-security; urgency=medium

  * debian/rules: fix versioning since the last update incorrectly added
    an epoch. (LP: #1547147)

 -- Marc Deslauriers <email address hidden>  Mon, 22 Feb 2016 10:10:25 -0500
Superseded in xenial-release on 2016-03-10
Deleted in xenial-proposed on 2016-03-11 (Reason: moved to release)
nss (2:3.21-1ubuntu3) xenial; urgency=medium

  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.

 -- Marc Deslauriers <email address hidden>  Thu, 18 Feb 2016 11:23:15 -0500

Available diffs

Superseded in trusty-updates on 2016-03-09
Superseded in trusty-security on 2016-03-09
nss (2:3.21-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.21 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: improper division in mp_div and mp_exptmod
    - CVE-2016-1938
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
    want the SPI cert
  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
    longer needed
  * debian/patches/CVE-2015-7575.patch: dropped, upstream
  * debian/patches/ftbfs_ppc64el.patch: don't enable -Werror on ppc64el,
    there are too many uninitialized variable false positives.

 -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2016 09:38:27 -0500
Superseded in precise-updates on 2016-02-23
Superseded in precise-security on 2016-02-23
nss (2:3.21-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.21 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: improper division in mp_div and mp_exptmod
    - CVE-2016-1938
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
    want the SPI cert
  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
    longer needed
  * debian/patches/CVE-2015-7575.patch: dropped, upstream

 -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2016 09:38:27 -0500
Superseded in wily-updates on 2016-03-09
Superseded in wily-security on 2016-03-09
nss (2:3.21-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Updated to upstream 3.21 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: improper division in mp_div and mp_exptmod
    - CVE-2016-1938
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
    want the SPI cert
  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
    longer needed
  * debian/patches/99_reproducible: dropped, no longer needed
  * debian/patches/CVE-2015-7575.patch: dropped, upstream
  * debian/patches/ftbfs_ppc64el.patch: don't enable -Werror on ppc64el,
    there are too many uninitialized variable false positives.

 -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2016 09:38:27 -0500
Superseded in wily-updates on 2016-02-17
Superseded in wily-security on 2016-02-17
nss (2:3.19.2.1-0ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: remove MD5 in
      nss/lib/ssl/ssl3con.c.
    - CVE-2015-7575

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 13:21:10 -0500
Superseded in precise-updates on 2016-02-17
Superseded in precise-security on 2016-02-17
nss (3.19.2.1-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: remove MD5 in
      nss/lib/ssl/ssl3con.c.
    - CVE-2015-7575

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 13:24:13 -0500
Superseded in trusty-updates on 2016-02-17
Superseded in trusty-security on 2016-02-17
nss (2:3.19.2.1-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: remove MD5 in
      nss/lib/ssl/ssl3con.c.
    - CVE-2015-7575

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 13:23:37 -0500
Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
nss (2:3.19.2.1-0ubuntu0.15.04.2) vivid-security; urgency=medium

  * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: remove MD5 in
      nss/lib/ssl/ssl3con.c.
    - CVE-2015-7575

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 13:23:09 -0500
Superseded in xenial-release on 2016-02-18
Deleted in xenial-proposed on 2016-02-20 (Reason: moved to release)
nss (2:3.21-1ubuntu2) xenial; urgency=medium

  * debian/patches/ftbfs_ppc64el.patch: don't enable -Werror on ppc64el,
    there are too many uninitialized variable false positives.

 -- Marc Deslauriers <email address hidden>  Thu, 26 Nov 2015 14:49:56 -0500
Superseded in xenial-proposed on 2015-11-26
nss (2:3.21-1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/rules:
      + Add x32 support.
      + Also ship blapi.h and alghmac.h in libnss3-dev.
    - debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
      debian/pkcs11.txt, debian/rules:
      + Add back support for shared cert and key databases.
    - debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
      for compatibility reasons. This patch will get reverted in the future
      once servers have upgraded to longer DH sizes.
    - debian/control: remove cross Build Profile from Build-Depends, as it
      doesn't seem to be supported by launchpad yet.

Superseded in precise-updates on 2016-01-07
Superseded in precise-security on 2016-01-07
nss (3.19.2.1-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.19.2.1 to fix two security issues.
  * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
    - CVE-2015-7181
  * SECURITY UPDATE: ASN.1 decoder heap overflow
    - CVE-2015-7182

 -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 11:26:48 -0600
Superseded in trusty-updates on 2016-01-07
Superseded in trusty-security on 2016-01-07
nss (2:3.19.2.1-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.19.2.1 to fix two security issues.
  * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
    - CVE-2015-7181
  * SECURITY UPDATE: ASN.1 decoder heap overflow
    - CVE-2015-7182

 -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 10:44:42 -0600
Superseded in xenial-release on 2015-11-27
Deleted in xenial-proposed on 2015-11-28 (Reason: moved to release)
nss (2:3.19.2.1-0ubuntu1) xenial; urgency=medium

  * Updated to upstream 3.19.2.1 to fix two security issues.
  * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
    - CVE-2015-7181
  * SECURITY UPDATE: ASN.1 decoder heap overflow
    - CVE-2015-7182

 -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 10:33:01 -0600
Superseded in vivid-updates on 2016-01-07
Superseded in vivid-security on 2016-01-07
nss (2:3.19.2.1-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * Updated to upstream 3.19.2.1 to fix two security issues.
  * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
    - CVE-2015-7181
  * SECURITY UPDATE: ASN.1 decoder heap overflow
    - CVE-2015-7182

 -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 10:40:18 -0600
Superseded in wily-updates on 2016-01-07
Superseded in wily-security on 2016-01-07
nss (2:3.19.2.1-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Updated to upstream 3.19.2.1 to fix two security issues.
  * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
    - CVE-2015-7181
  * SECURITY UPDATE: ASN.1 decoder heap overflow
    - CVE-2015-7182

 -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 10:33:01 -0600
Superseded in precise-updates on 2015-11-04
Superseded in precise-security on 2015-11-04
nss (3.19.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
    issues and get a new CA certificate bundle.
    - CVE-2015-2721
    - CVE-2015-2730
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jul 2015 12:29:51 -0400
Superseded in trusty-updates on 2015-11-04
Superseded in trusty-security on 2015-11-04
nss (2:3.19.2-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
    issues and get a new CA certificate bundle.
    - CVE-2015-2721
    - CVE-2015-2730
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jul 2015 12:27:02 -0400
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
nss (2:3.19.2-0ubuntu0.14.10.1) utopic-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
    issues and get a new CA certificate bundle.
    - CVE-2015-2721
    - CVE-2015-2730
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jul 2015 12:10:02 -0400
Superseded in vivid-updates on 2015-11-04
Superseded in vivid-security on 2015-11-04
nss (2:3.19.2-0ubuntu15.04.1) vivid-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
    issues and get a new CA certificate bundle.
    - CVE-2015-2721
    - CVE-2015-2730
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jul 2015 11:27:56 -0400
Superseded in xenial-release on 2015-11-05
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
nss (2:3.19.2-1ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/rules:
      + Add x32 support.
      + Also ship blapi.h and alghmac.h in libnss3-dev.
    - debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
      debian/pkcs11.txt, debian/rules:
      + Add back support for shared cert and key databases.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.
  * debian/control: remove cross Build Profile from Build-Depends, as it
    doesn't seem to be supported by launchpad yet.

Superseded in wily-release on 2015-07-08
Deleted in wily-proposed on 2015-07-09 (Reason: moved to release)
nss (2:3.19-1ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/rules:
      + Add x32 support.
      + Also ship blapi.h and alghmac.h in libnss3-dev.
    - debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
      debian/pkcs11.txt, debian/rules:
      + Add back support for shared cert and key databases.

Superseded in precise-updates on 2015-07-09
Superseded in precise-security on 2015-07-09
nss (3.17.4-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
    bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
  * Removed unneeded patches:
    - debian/patches/CVE-2014-1569.patch: included upstream.
 -- Marc Deslauriers <email address hidden>   Thu, 19 Feb 2015 07:45:59 -0500
Superseded in trusty-updates on 2015-07-09
Superseded in trusty-security on 2015-07-09
nss (2:3.17.4-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
    bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
  * Removed unneeded patches:
    - debian/patches/CVE-2014-1569.patch: included upstream.
 -- Marc Deslauriers <email address hidden>   Thu, 19 Feb 2015 07:44:05 -0500
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
nss (3.17.4-0ubuntu0.10.04.1) lucid-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
    bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
  * Removed unneeded patches:
    - debian/patches/CVE-2014-1569.patch: included upstream.
 -- Marc Deslauriers <email address hidden>   Thu, 19 Feb 2015 07:48:44 -0500
175 of 208 results