Change logs for nss source package in Eoan

  • nss (2:3.45-1ubuntu2.4) eoan-security; urgency=medium
    
      * SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
        - debian/patches/CVE-2020-12402.patch: use constant-time GCD and
          modular inversion in nss/lib/freebl/mpi/mpi.c,
          nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
        - CVE-2020-12402
    
     -- Marc Deslauriers <email address hidden>  Mon, 22 Jun 2020 13:35:40 -0400
  • nss (2:3.45-1ubuntu2.3) eoan-security; urgency=medium
    
      * SECURITY UPDATE: invalid state after HelloRetryRequest
        - debian/patches/CVE-2019-17023-1.patch: prevent negotiation of
          versions lower than 1.3 after HelloRetryRequest in
          nss/lib/ssl/ssl3con.c, nss/lib/ssl/tls13con.c.
        - debian/patches/CVE-2019-17023-2.patch: add new tests for version
          limitations after a HRR in nss/gtests/ssl_gtest/ssl_hrr_unittest.cc.
        - CVE-2019-17023
      * SECURITY UPDATE: Timing attack during DSA key generation
        - debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
          exponentiation in nss/lib/freebl/dsa.c.
        - CVE-2020-12399
    
     -- Marc Deslauriers <email address hidden>  Wed, 10 Jun 2020 12:57:22 -0400
  • nss (2:3.45-1ubuntu2.2) eoan-security; urgency=medium
    
      * SECURITY UPDATE: Possible wrong length for cryptographic primitives input
        - debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
          primitives in nss/lib/freebl/chacha20poly1305.c,
          nss/lib/freebl/ctr.c, nss/lib/freebl/gcm.c,
          nss/lib/freebl/intel-gcm-wrap.c,
          nss/lib/freebl/rsapkcs.c.
        - CVE-2019-17006
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 07 Jan 2020 15:31:35 -0300
  • nss (2:3.45-1ubuntu2.1) eoan-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bounds write in NSC_EncryptUpdate
        - debian/patches/CVE-2019-11745.patch: use maxout not block size in
          nss/lib/softoken/pkcs11c.c.
        - CVE-2019-11745
    
     -- Marc Deslauriers <email address hidden>  Tue, 26 Nov 2019 08:35:22 -0500
  • nss (2:3.45-1ubuntu2) eoan; urgency=medium
    
      * Disable reading fips_enabled flag in FIPS mode. libnss is
        not a FIPS certified library. (LP: #1837734)
    
     -- Vineetha Kamath <email address hidden>  Tue, 23 Jul 2019 20:58:12 +0000
  • nss (2:3.45-1ubuntu1) eoan; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - d/libnss3.links: make freebl3 available as library (LP 1744328)
        - d/control: add dh-exec to Build-Depends
        - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    
    nss (2:3.45-1) unstable; urgency=medium
    
      * New upstream release.
        - Fixes CVE-2019-11727 and CVE-2019-11719.
      * debian/libnss3.symbols: Add NSS_3_45 symbol version.
    
    nss (2:3.44+really3.42.1-2) unstable; urgency=medium
    
      * debian/rules: Fix version exposed in nss-config and nss.pc.
    
    nss (2:3.44.0-1) experimental; urgency=medium
    
      * debian/libnss3.symbols:
        - Update the version needed for
        SSL_Get{CipherSuite,Channel,PreliminaryChannel}Info.
        - Adjust versions so that 3.44+really3.42.1-1 is considered older where it
        matters.
    
    nss (2:3.44+really3.42.1-1) unstable; urgency=medium
    
      * Revert to 3.42.1. Building against 3.44 induces some behavior
        differences when running against older versions, which could normally
        be solved with updates to the symbols file, but since 3.44 is not meant
        to ship in Buster, avoid disruption for nss reverse dependencies until
        Buster is released by going back to previous version.
    
    nss (2:3.44-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/libnss3.symbols: Add NSS_3_43 and NSS_3_44 symbol versions.
    
    nss (2:3.42.1-1) unstable; urgency=medium
    
      * New upstream release.
        - Fixes CVE-2018-18508. Closes: #921614.
    
     -- Gianfranco Costamagna <email address hidden>  Thu, 11 Jul 2019 11:49:44 +0200
  • nss (2:3.42-1ubuntu2) disco; urgency=medium
    
      * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
        - debian/patches/CVE-2018-18508-1.patch: add null checks in
          nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
          nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
          nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
        - debian/patches/CVE-2018-18508-2.patch: add null checks in
          nss/lib/smime/cmsmessage.c.
        - CVE-2018-18508
    
     -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 12:04:49 +0100