Format: 1.8 Date: Fri, 14 Dec 2018 09:59:33 -0500 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: ppc64el Version: 2:3.28.4-0ubuntu0.16.04.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 Checksums-Sha1: 549ba06f7dfb30d6896a5570b12269a43d95cfee 9316 libnss3-1d_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 548f770a40f20da572e3a28fb3f695e66741565b 9019594 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_ppc64el.deb fa6f6327da993ca2c5662f8ea22df968300866a3 2729614 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb c0db8d1f7c88f92fe9db2f4ce39ed24777759053 227552 libnss3-dev_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 62a82d83b658f685f75d6f2c6e1ca9a16bb74f34 2770378 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb 3208ff0b349f0471b7f27ed6286c8d9b6b607de6 745938 libnss3-tools_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 10a769014b1ec3ae2ff1ba8d7eb266ae713f6404 1114276 libnss3_3.28.4-0ubuntu0.16.04.4_ppc64el.deb Checksums-Sha256: dcf8c2bfe4fb5b25563891ca94fbb34b85856957685eec2f78cb8c4657f0f9c5 9316 libnss3-1d_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 8f81ef8572ec01c23c70d24f35724b49c067a7a791f44545c877bca457656463 9019594 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_ppc64el.deb f2afef8ed873bcba38ca62a9b6b9e8084fc77916e155d4ad8a0ee253563d1c42 2729614 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb 4ea19d22365eecba364bd83ec75d46d29da0c39833c900ce7308a91681a72c70 227552 libnss3-dev_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 871f78e72014f54071721577e2bc6bac8cddbab7c4e244af238e30afef02abca 2770378 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb bd27b99a27bf6806d695bbf48c5754289b0e5368de8a8e359d7a55e0058c02ad 745938 libnss3-tools_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 499d458235278baa43e402654ec12a09aa72d5be79d4d99daa4dcb917d4ccc48 1114276 libnss3_3.28.4-0ubuntu0.16.04.4_ppc64el.deb Files: 92373a09e672384e2ee222c9bf7f54bb 9316 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 8d75a7bb4e3b42e4e0b9f6b3e00d4e2b 9019594 debug extra libnss3-dbg_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 7eda3b2b4bbfb9c49bcb8b340b6675a4 2729614 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb c5f29c35cab2880a3b9a3149ad581090 227552 libdevel optional libnss3-dev_3.28.4-0ubuntu0.16.04.4_ppc64el.deb e0561aa3df0db15f90528b5be760b366 2770378 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_ppc64el.ddeb b021cee38573bf4638f25cd9352cca85 745938 admin optional libnss3-tools_3.28.4-0ubuntu0.16.04.4_ppc64el.deb 33982368bb64f7d67497aa2ada07a156 1114276 libs optional libnss3_3.28.4-0ubuntu0.16.04.4_ppc64el.deb Original-Maintainer: Maintainers of Mozilla-related packages