-
nss (2:3.36.1-1ubuntu1.2) cosmic-security; urgency=medium
* SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
- debian/patches/CVE-2018-18508-1.patch: add null checks in
nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
- debian/patches/CVE-2018-18508-2.patch: add null checks in
nss/lib/smime/cmsmessage.c.
- CVE-2018-18508
-- Marc Deslauriers <email address hidden> Tue, 19 Feb 2019 13:37:53 +0100
-
nss (2:3.36.1-1ubuntu1.1) cosmic-security; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
- CVE-2018-0495
* SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
- debian/patches/CVE-2018-12384-1.patch: fix random logic in
nss/lib/ssl/ssl3con.c.
- debian/patches/CVE-2018-12384-2.patch: add tests to
nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
- CVE-2018-12384
* SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
- debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
handling in nss/lib/ssl/ssl3con.c.
- debian/patches/CVE-2018-12404-2.patch: improve padding checks in
RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
nss/lib/freebl/rsapkcs.c.
- debian/patches/CVE-2018-12404-3.patch: add constant time
mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
- CVE-2018-12404
* debian/patches/stringop_truncation.patch: fix FTBFS.
-- Marc Deslauriers <email address hidden> Wed, 12 Dec 2018 14:44:32 -0500
-
nss (2:3.36.1-1ubuntu1) cosmic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: make freebl3 available as library (LP 1744328)
- d/control: add dh-exec to Build-Depends
- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
- d/rules: when building with -O3 on ppc64el this FTBFS, build with
-Wno-error=maybe-uninitialized to avoid that
* Dropped changes:
- revert switching to SQL default format (LP: 1746947) Dropping this
adresses (LP: #1747411) and effectively means we now switch to the new
default format after we ensured all depending packages are ready.
* Added changes:
- d/rules: extended the FTBFS to -O3 on ppc64el to only apply on ppc64el
nss (2:3.36.1-1) unstable; urgency=medium
* New upstream release.
* debian/control: Update Maintainer and Vcs fields, moving off alioth.
nss (2:3.36-1) unstable; urgency=medium
* New upstream release. Closes: #894981.
-- Christian Ehrhardt <email address hidden> Mon, 07 May 2018 17:08:46 +0200
-
nss (2:3.35-2ubuntu2) bionic; urgency=medium
* d/p/lp1746947-revert-switch-default-to-sql.patch: the switch of the
default is still causing too much issues in consumers of nss.
So until resolved revert the switched default (LP: #1746947)
nss (2:3.35-2ubuntu1) bionic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- When building with -O3, build with -Wno-error=maybe-uninitialized.
* Added Changes:
- d/libnss3.links: make freebl3 available as library (LP: #1744328)
+ d/control: add dh-exec to Build-Depends
+ d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
nss (2:3.35-2) unstable; urgency=medium
* nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
nss (2:3.35-1) unstable; urgency=medium
* New upstream release.
nss (2:3.34.1-1) unstable; urgency=medium
* New upstream release.
-- Christian Ehrhardt <email address hidden> Mon, 05 Feb 2018 11:36:07 +0100
