Format: 1.8 Date: Fri, 14 Dec 2018 09:59:33 -0500 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: armhf Version: 2:3.28.4-0ubuntu0.16.04.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 Checksums-Sha1: 919bf8799a05116053db7fa3d242e4a1a7111155 9304 libnss3-1d_3.28.4-0ubuntu0.16.04.4_armhf.deb 10b1bb06197a48ab4ab8cdab96036fa2b13799a5 8136332 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_armhf.deb 263a66dfe3cc3212672dbf558b521dac3d57cd1e 2435412 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb 5adf0fc97bf8432188d2b7410a333488b9d1a29d 224032 libnss3-dev_3.28.4-0ubuntu0.16.04.4_armhf.deb 7dd46695c5e1ce6299af8d0d9a3db72db4ba8cc0 2526574 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb e10f961fc48f4a63865f6d311334a87c0e42a199 747776 libnss3-tools_3.28.4-0ubuntu0.16.04.4_armhf.deb ca9b5c2ec6b86c5f0f563a63909f01cba1d8485a 959592 libnss3_3.28.4-0ubuntu0.16.04.4_armhf.deb Checksums-Sha256: 28d7ac863ab3261a996127f9dacb1f9b16ee22c80e3799a5c4941ca076abdda3 9304 libnss3-1d_3.28.4-0ubuntu0.16.04.4_armhf.deb f9aad7016a46e2d528f47fb0a839502c6a31a264270f9512c0d1ce450a687464 8136332 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_armhf.deb 915030a7e99a2fb01e1cc5e444a302ccbda318254f42d3b227bc120bbcd66770 2435412 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb f2c5f3fbfecf9b3113721fae1a4d903b6f0792b72dbae51099a0ae4b0fbfbbb9 224032 libnss3-dev_3.28.4-0ubuntu0.16.04.4_armhf.deb 4f8ac8691c4d334a69a4377479672eca239ae7cf7aba9b341baefbc68e182322 2526574 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb 898521c0cc79333af760e1122dd022cd40555435fbb69c59811a54ca99cb7a59 747776 libnss3-tools_3.28.4-0ubuntu0.16.04.4_armhf.deb 8f08a0b89da523b84fc749453e7eeab074c1da50ce39bedb11421faaa0e07612 959592 libnss3_3.28.4-0ubuntu0.16.04.4_armhf.deb Files: 95dbe57975300fea942bc70102c664c3 9304 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.16.04.4_armhf.deb f9a564d9a20f6d148e7f9dea3f9d4b00 8136332 debug extra libnss3-dbg_3.28.4-0ubuntu0.16.04.4_armhf.deb b0b8d74e0e4bb7caac15cb19e27d560a 2435412 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb 06acaa2ee16f9d90e4c90729b473d6b8 224032 libdevel optional libnss3-dev_3.28.4-0ubuntu0.16.04.4_armhf.deb ea820bf6cc28b600c03c13f806a245e1 2526574 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_armhf.ddeb a0297a8dc7ee525f85c6fccadf659cfa 747776 admin optional libnss3-tools_3.28.4-0ubuntu0.16.04.4_armhf.deb 28b8bbba57efa4eb6813fb3ef9d65703 959592 libs optional libnss3_3.28.4-0ubuntu0.16.04.4_armhf.deb Original-Maintainer: Maintainers of Mozilla-related packages