-
nss (2:3.19.2-0ubuntu0.14.10.1) utopic-security; urgency=medium
* SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
issues and get a new CA certificate bundle.
- CVE-2015-2721
- CVE-2015-2730
* debian/libnss3.symbols: updated for new version.
* debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
for compatibility reasons. This patch will get reverted in the future
once servers have upgraded to longer DH sizes.
-- Marc Deslauriers <email address hidden> Wed, 08 Jul 2015 12:10:02 -0400
-
nss (2:3.17.4-0ubuntu0.14.10.1) utopic-security; urgency=medium
* SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
* Removed unneeded patches:
- debian/patches/CVE-2014-1569.patch: included upstream.
-- Marc Deslauriers <email address hidden> Thu, 19 Feb 2015 07:41:50 -0500
-
nss (2:3.17.1-0ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: arbitrary data smuggling via incorrect ASN.1 DER
length decoding
- debian/patches/CVE-2014-1569.patch: properly validate lengths in
nss/lib/util/quickder.c.
- CVE-2014-1569
-- Marc Deslauriers <email address hidden> Tue, 06 Jan 2015 13:16:00 -0500
-
nss (2:3.17.1-0ubuntu1) utopic; urgency=medium
* SECURITY UPDATE: update to 3.17.1
- see USN-2361-1
* debian/libnss3.symbols: updated for new version.
* debian/patches/38_ppc64le.patch: removed, upstream.
-- Marc Deslauriers <email address hidden> Wed, 24 Sep 2014 15:35:00 -0400
-
nss (2:3.17-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- debian/rules: Add x32 support.
- debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
debian/pkcs11.txt, debian/rules: Add back support for shared cert
and key databases.
- debian/rules: also ship blapi.h and alghmac.h in libnss3-dev.
* Really add support for ppc64el.
nss (2:3.17-1) unstable; urgency=medium
* New upstream release.
* nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757.
nss (2:3.16.3-1.1) unstable; urgency=low
* Non-maintainer upload to delayed.
* Add support for ppc64el. Closes: #745757
-- Matthias Klose <email address hidden> Tue, 09 Sep 2014 16:11:12 +0200
-
nss (2:3.16.3-1ubuntu1) utopic; urgency=medium
* Merge with Debian, remaining changes:
- debian/rules: Add x32 support.
- debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
debian/pkcs11.txt, debian/rules: Add back support for shared cert
and key databases.
* Dropped patches:
- debian/patches/CVE-2014-1492.patch: upstream
- debian/patches/95_add_spi_certs.patch: now equivalent to
95_add_spi+cacert_ca_certs.patch
- debian/patches/38_x32.patch: equivalent included upstream (except
USE_X32 instead of USE_x32)
* debian/rules: also ship blapi.h and alghmac.h in libnss3-dev.
nss (2:3.16.3-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3.16.2 symbol versions.
nss (2:3.16.1-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3.16.1 symbol versions.
nss (2:3.16-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3.16 symbol versions.
* nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates.
nss (2:3.15.4-2) unstable; urgency=high
* Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490
and CVE-2014-1491. Bumping urgency as such.
* debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061.
-- Marc Deslauriers <email address hidden> Wed, 16 Jul 2014 13:05:53 -0400
-
nss (2:3.15.4-1ubuntu7) trusty; urgency=medium
* SECURITY UPDATE: incorrect IDNA wildcard handling
- debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
nss/lib/certdb/certdb.c.
- CVE-2014-1492
-- Marc Deslauriers <email address hidden> Wed, 02 Apr 2014 10:14:01 -0400