Format: 1.8 Date: Wed, 12 Dec 2018 14:44:32 -0500 Source: nss Binary: libnss3 libnss3-tools libnss3-dev libnss3-dbg Architecture: ppc64el Version: 2:3.36.1-1ubuntu1.1 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.36.1-1ubuntu1.1) cosmic-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-2.patch: improve padding checks in RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc, nss/lib/freebl/rsapkcs.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 * debian/patches/stringop_truncation.patch: fix FTBFS. Checksums-Sha1: 27ff600a7d778fc468cc97c96397ac5a1bd3ab11 11185300 libnss3-dbg_3.36.1-1ubuntu1.1_ppc64el.deb 66554d34653d08625e4419913dbb24593926cad4 232176 libnss3-dev_3.36.1-1ubuntu1.1_ppc64el.deb 8aa87ba6ef84548031aa5b59791b41c855fbb6f4 934744 libnss3-tools_3.36.1-1ubuntu1.1_ppc64el.deb 50aefb37c6928c936c4def608516c562cf5ae75d 1273648 libnss3_3.36.1-1ubuntu1.1_ppc64el.deb c3fb4bdca35e1028eac46b8827ad029f3cc1fc6c 5799 nss_3.36.1-1ubuntu1.1_ppc64el.buildinfo Checksums-Sha256: ec536544db54f70e11bcefd1b342cb197481f8cc304b3b55a22eb58eda54d241 11185300 libnss3-dbg_3.36.1-1ubuntu1.1_ppc64el.deb 52afd9eb213d57bffeda215f1c91a2e5056dda6c58c172f2ece32e7deb6c6708 232176 libnss3-dev_3.36.1-1ubuntu1.1_ppc64el.deb 447a29d1c508b46cab73b5aab9db8d297fd50bcb8fbf6c8b7ca46c3f26ad6900 934744 libnss3-tools_3.36.1-1ubuntu1.1_ppc64el.deb 842e8eec2134f13f3031389f1611612ca05f8fc74837b58f157c4724cd13cfc6 1273648 libnss3_3.36.1-1ubuntu1.1_ppc64el.deb 34f45bdfea86e31b2e099c5f46ea6e58f4aa8768e66c9b494727d6454f759580 5799 nss_3.36.1-1ubuntu1.1_ppc64el.buildinfo Files: 93dad4cb8dea06df699157010dd3230f 11185300 debug extra libnss3-dbg_3.36.1-1ubuntu1.1_ppc64el.deb 2eae4ade8a18f56c499bfff819b56a69 232176 libdevel optional libnss3-dev_3.36.1-1ubuntu1.1_ppc64el.deb 3edb90bde1856b1642633017c9d2621c 934744 admin optional libnss3-tools_3.36.1-1ubuntu1.1_ppc64el.deb b9a61cc06d00793019fa29e913570cf2 1273648 libs optional libnss3_3.36.1-1ubuntu1.1_ppc64el.deb 07cef49d96a44121462dcdbfbd2d25a7 5799 libs optional nss_3.36.1-1ubuntu1.1_ppc64el.buildinfo Original-Maintainer: Maintainers of Mozilla-related packages