Format: 1.8 Date: Fri, 14 Dec 2018 09:59:33 -0500 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: s390x Version: 2:3.28.4-0ubuntu0.16.04.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 Checksums-Sha1: c46ac9397e4d888107630ed96f3c04fb574059a3 9310 libnss3-1d_3.28.4-0ubuntu0.16.04.4_s390x.deb 6f6f392f3d1b2a54d544abb67ba9d47a42bf701f 8358808 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_s390x.deb 836b07b0aa32c7ed4092fb3b45576e9e01ca9987 2294058 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb e85eb679945be2b6773c6bb58e45c6cecf5410d8 228366 libnss3-dev_3.28.4-0ubuntu0.16.04.4_s390x.deb 748c907f47754644964ac31285ff3c156fd1ddb6 2383154 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb d96c7032a4ff1c825bafef2fa0c4ac49bdae7d8e 796824 libnss3-tools_3.28.4-0ubuntu0.16.04.4_s390x.deb 9d3b571213c7c721aabbbd1cf6e8a202b2275b90 1058234 libnss3_3.28.4-0ubuntu0.16.04.4_s390x.deb Checksums-Sha256: 9820b8c2e419d2f6c0776ad5b6f51d853171337503183ecf944e90185d84a9c5 9310 libnss3-1d_3.28.4-0ubuntu0.16.04.4_s390x.deb c3a580bc89d15299a36fd9a62a1413f1b99f4698285a3e6783eaa9948cbed5ca 8358808 libnss3-dbg_3.28.4-0ubuntu0.16.04.4_s390x.deb f4e67d6f267f23978d2830427329a4bdf4703d3f43a869ad8db78d6412d345a0 2294058 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb c5332daeb47403e379e9deb9c151fa071299715fd9f05aa08f0a5ed033deb056 228366 libnss3-dev_3.28.4-0ubuntu0.16.04.4_s390x.deb 27b522c6d02685b2cc71cf50fb581154c10f4b78f3ce1b39b08154eafa03d3c3 2383154 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb e1a8a6136ee37fdfd945b311b2f31f68c886aae2f8c64dc525bac4ec4a2d9347 796824 libnss3-tools_3.28.4-0ubuntu0.16.04.4_s390x.deb 6428bc3b76e85a2658fe7150c7b48ac5c42c205b91e224dc8100633abdd70667 1058234 libnss3_3.28.4-0ubuntu0.16.04.4_s390x.deb Files: c584f5ba2bd27b1c9b47650e7b99d807 9310 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.16.04.4_s390x.deb 4dad3b1faac4a8b2c35c6ad8248a16b4 8358808 debug extra libnss3-dbg_3.28.4-0ubuntu0.16.04.4_s390x.deb ada914d2a76e3ed94483f4e335ba7694 2294058 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb 56e715aaad74427c7d3781118696b05f 228366 libdevel optional libnss3-dev_3.28.4-0ubuntu0.16.04.4_s390x.deb dbd116bb287365d55bea9bc0a75fd4d6 2383154 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.4_s390x.ddeb e74be475f0c912866be324ac7bb4db6f 796824 admin optional libnss3-tools_3.28.4-0ubuntu0.16.04.4_s390x.deb e9778bff6fb83a00d53e7604399353d2 1058234 libs optional libnss3_3.28.4-0ubuntu0.16.04.4_s390x.deb Original-Maintainer: Maintainers of Mozilla-related packages