Format: 1.8 Date: Fri, 14 Dec 2018 09:59:33 -0500 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: powerpc Version: 2:3.28.4-0ubuntu0.16.04.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 Checksums-Sha1: 4cf62df5c27c164eb21b3a5190961e4cfddbd39e 9312 libnss3-1d_3.28.4-0ubuntu0.16.04.4_powerpc.deb b39cec4504c4277e9a18cdf7aff7144d64043a42 8640476 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_powerpc.deb af6cc2619a796816a9f8ac747dedd03ca9873578 2390398 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb 8181669ff71d69e0eac999761208440d11ab343b 226170 libnss3-dev_3.28.4-0ubuntu0.16.04.4_powerpc.deb afa3b5496a21fedb122858d01116cc1010ff7edf 2399246 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb f7a1c3051ff88f33fe9c7cfb393dc49a001ea02d 666874 libnss3-tools_3.28.4-0ubuntu0.16.04.4_powerpc.deb 1c168bdf58756618e36df32c96a7c0128ad930cf 994200 libnss3_3.28.4-0ubuntu0.16.04.4_powerpc.deb Checksums-Sha256: d869670b54120a65b99f7b95d1789788e2ca8770a0b0ae23bf9e1e36e9d2ec32 9312 libnss3-1d_3.28.4-0ubuntu0.16.04.4_powerpc.deb 6b3d6090f8dd68cf8d9abecf1efebd0065241f7dbe488ae00848342988abcf9d 8640476 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_powerpc.deb e34dd51b525c51bff4251db58f345d4e20bf29b74db5b8972ef19fa8d7b7f4bf 2390398 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb 35f7a5b5bdaedb233fdae0ac4f09efa975598f8f92b8b8feb366f7b0a24c413f 226170 libnss3-dev_3.28.4-0ubuntu0.16.04.4_powerpc.deb aba379e5546bb566d5c7823f5683eab1ec02ef684aeb25f2d76af9fef7227acd 2399246 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb bcb4ceb9be59d2dd96dc53c7181262eb9e6ca4908a663bee8da75bddf7badb1a 666874 libnss3-tools_3.28.4-0ubuntu0.16.04.4_powerpc.deb 35882ffb888152cbf3fd61dd0ccb9b26b019466c92e9ac0af1fa4319de164b62 994200 libnss3_3.28.4-0ubuntu0.16.04.4_powerpc.deb Files: 262d4be45d5a4598c46a0ec5bb0af51e 9312 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.16.04.4_powerpc.deb ed27d3e4211d16f82852cb1fbf528bfc 8640476 debug extra libnss3-dbg_3.28.4-0ubuntu0.16.04.4_powerpc.deb 01c7a741cfb0cef1de7d52204d39e809 2390398 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb 7a0e6fa398fce6e8cfa02eb3410dc3ec 226170 libdevel optional libnss3-dev_3.28.4-0ubuntu0.16.04.4_powerpc.deb 1c3f7a8ba71c74ab98b7deac5c5f748f 2399246 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_powerpc.ddeb e212dc030dae2bca0e0b6ccbc77cc497 666874 admin optional libnss3-tools_3.28.4-0ubuntu0.16.04.4_powerpc.deb 917aa51199c46df77cf9d8b2b410bda1 994200 libs optional libnss3_3.28.4-0ubuntu0.16.04.4_powerpc.deb Original-Maintainer: Maintainers of Mozilla-related packages