nss 2:3.42-1ubuntu2.1 source package in Ubuntu

Changelog

nss (2:3.42-1ubuntu2.1) disco-security; urgency=medium

  * SECURITY UPDATE: OOB read when importing a curve25519 private key
    - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
      leading 0's from key material during PKCS11 import in
      nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
      nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
      nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
    - CVE-2019-11719
  * SECURITY UPDATE: incorrect use of PKCS#1 v1.5 signatures with TLSv1.3
    - debian/patches/CVE-2019-11727.patch: prohibit use of
      RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 in
      nss/gtests/ssl_gtest/ssl_auth_unittest.cc,
      nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
      nss/gtests/ssl_gtest/ssl_extension_unittest.cc,
      nss/lib/ssl/ssl3con.c.
    - CVE-2019-11727
  * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
    - debian/patches/CVE-2019-11729-1.patch: more thorough input checking
      in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
      nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
    - debian/patches/CVE-2019-11729-2.patch: ignore spki decode failures on
      negative tests in nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc.
    - CVE-2019-11729

 -- Marc Deslauriers <email address hidden>  Fri, 12 Jul 2019 07:48:06 -0400

Upload details

Uploaded by: Marc Deslauriers on 2019-07-12
Uploaded to: Disco
Original maintainer: Ubuntu Developers
Architectures: any
Section: libs
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
nss_3.42.orig.tar.gz 22.3 MiB 5d3ce489f11803c66a7fba773c3f9b9a428ff3e5fe67a974e88b5e9095072f13
nss_3.42-1ubuntu2.1.debian.tar.xz 29.2 KiB 034d4f55e6a8200791475ead6b638dd8ca2aae11e3218da6094edde9e493e1f6
nss_3.42-1ubuntu2.1.dsc 2.2 KiB a21b0921d0a6050765e093f01a574d22cb973e6f65ad9f997725af3f33438b72

Binary packages built by this source

libnss3: No summary available for libnss3 in ubuntu disco.

libnss3-dbgsym: No summary available for libnss3-dbgsym in ubuntu disco.

libnss3-dev: No summary available for libnss3-dev in ubuntu disco.

libnss3-tools: No summary available for libnss3-tools in ubuntu disco.

libnss3-tools-dbgsym: No summary available for libnss3-tools-dbgsym in ubuntu disco.