Format: 1.8 Date: Fri, 14 Dec 2018 10:33:50 -0500 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: amd64 Version: 2:3.28.4-0ubuntu0.14.04.4 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.14.04.4) trusty-security; urgency=medium . * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 Checksums-Sha1: a0c8b12dae874256208e30a15c4ebbcb7cef378a 1119954 libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb 214cf87a9beb6fc2ca0dc278fbf6ee0dc0af7241 9306 libnss3-1d_3.28.4-0ubuntu0.14.04.4_amd64.deb 616ee1adda0413919e4fadcae70fbe44072ae325 760842 libnss3-tools_3.28.4-0ubuntu0.14.04.4_amd64.deb c4a850dd995858f0c1815d56cb6a500474853fcc 221246 libnss3-dev_3.28.4-0ubuntu0.14.04.4_amd64.deb 813bdf6a3bdf0687cf6575cbd6e70446aee43499 8564226 libnss3-dbg_3.28.4-0ubuntu0.14.04.4_amd64.deb 987fc401ad88a46ba89be8ec912ddd8d5ff7b127 2572144 libnss3-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb 7ef51fbc62732d49e010a7e7130a082651d4fa05 2622572 libnss3-tools-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb Checksums-Sha256: c6515a60d8f6640afe835fe6ec939cf47dd33df3fef58e2068b29b4158f2986b 1119954 libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb 615b027a44c4aafcd30e487d9efe5c72964f3a046cf2baaa49fdb0a45087a07e 9306 libnss3-1d_3.28.4-0ubuntu0.14.04.4_amd64.deb 721ab255e1f0d7d5065ce4c39508e6c1b0ec42b587870c7163aa5fee9624fec2 760842 libnss3-tools_3.28.4-0ubuntu0.14.04.4_amd64.deb 9064302b7a47d272abc6d6a3c9642674cabecba93219f071f068f320d8193779 221246 libnss3-dev_3.28.4-0ubuntu0.14.04.4_amd64.deb f2c0dc03d91c0829f05bda2449fe8a2be1c9bb383623b27334204bb1722bc679 8564226 libnss3-dbg_3.28.4-0ubuntu0.14.04.4_amd64.deb 01333ca21a6586aa2a35f4c68fa1e1ab6ec6e65b965d4117aeb571443a261226 2572144 libnss3-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb 942691920ff4743dfabe88f25facff1f6903e26f34ee0c4dc4bb39fb026c7077 2622572 libnss3-tools-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb Files: 48ae3aba07a849c7dfb10b5d9732c44a 1119954 libs optional libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb 8ace6424789c9ca0fea9e429d558f65e 9306 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.14.04.4_amd64.deb 32430f1774e83d5dab2021afb4f80a0a 760842 admin optional libnss3-tools_3.28.4-0ubuntu0.14.04.4_amd64.deb 891376c7951fca386420cf046fbc8050 221246 libdevel optional libnss3-dev_3.28.4-0ubuntu0.14.04.4_amd64.deb d6ad44d1ccd5e89e3c4060cf86b13738 8564226 debug extra libnss3-dbg_3.28.4-0ubuntu0.14.04.4_amd64.deb c1b38cd9f09775ce3626c1d782b2fec8 2572144 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb 59401412ba7deb5f9b74cc7de3dad247 2622572 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.14.04.4_amd64.ddeb Original-Maintainer: Maintainers of Mozilla-related packages