Format: 1.8 Date: Fri, 12 Jul 2019 08:23:50 -0400 Source: nss Binary: libnss3 libnss3-1d libnss3-nssdb libnss3-tools libnss3-dev libnss3-dbg Architecture: arm64 Version: 2:3.28.4-0ubuntu0.16.04.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-nssdb - Network Security Security libraries - shared databases libnss3-tools - Network Security Service tools Changes: nss (2:3.28.4-0ubuntu0.16.04.6) xenial-security; urgency=medium . * SECURITY UPDATE: OOB read when importing a curve25519 private key - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip leading 0's from key material during PKCS11 import in nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c, nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c, nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c. - CVE-2019-11719 * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys - debian/patches/CVE-2019-11729-1.patch: more thorough input checking in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c, nss/lib/freebl/ec.c, nss/lib/util/quickder.c. - CVE-2019-11729 Checksums-Sha1: 1019607101a74f9cdf7481ecc75d9ecd2d773727 9310 libnss3-1d_3.28.4-0ubuntu0.16.04.6_arm64.deb 3ead16e5a5b085c4e45cd643210d3b2042257e3b 8627718 libnss3-dbg_3.28.4-0ubuntu0.16.04.6_arm64.deb 7c345efba2dd49e44b39be8887c7eb6cce03abbb 2557206 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb d56160c3b1c9ae48b417c4970b22be7e2f41fe74 225568 libnss3-dev_3.28.4-0ubuntu0.16.04.6_arm64.deb 211bc920523306ea44d46dcf504a5bd9df559f20 2702666 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb 530abaf698d49990e736ad266d61961591421958 728998 libnss3-tools_3.28.4-0ubuntu0.16.04.6_arm64.deb 1a8a955dc2beba65549edbbeafd829edd4d62819 944140 libnss3_3.28.4-0ubuntu0.16.04.6_arm64.deb Checksums-Sha256: 74d3a13b5e1f62a2a16e2f8c3aa754b63f80e157e7ae2d6c99f019da11b1d702 9310 libnss3-1d_3.28.4-0ubuntu0.16.04.6_arm64.deb 31538cf4c8e905e3db0d5081eeaad5f90f27880a595babe0fe0815a3cd04c3ac 8627718 libnss3-dbg_3.28.4-0ubuntu0.16.04.6_arm64.deb 69b181f2385510c2883a34593e062ed64ddeee8127a6c656ef3ade46f8ded6f4 2557206 libnss3-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb 506698c0ffd95d0673175c594b322d8c42f6452ac1970643e3ebcce5c188eeda 225568 libnss3-dev_3.28.4-0ubuntu0.16.04.6_arm64.deb eb343f219a66c086d7892428ab2866c6a4aae013b4cc5452dd517d583c422534 2702666 libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb c3628b467c98a217d502ca4c08abde90e93d2d41cdb45f0130a1dafcf4ece5b7 728998 libnss3-tools_3.28.4-0ubuntu0.16.04.6_arm64.deb bc76433ef3cb199f503d29193a34f61b66d5c797475c19fac5b0a94e33c63a75 944140 libnss3_3.28.4-0ubuntu0.16.04.6_arm64.deb Files: 80cf0cd161af31f6393695c80a180a7c 9310 oldlibs extra libnss3-1d_3.28.4-0ubuntu0.16.04.6_arm64.deb 9f08d0d0436698c4ef605cdcf009332a 8627718 debug extra libnss3-dbg_3.28.4-0ubuntu0.16.04.6_arm64.deb 0307b97ebab91ff0be6c8157eff4eda4 2557206 libs extra libnss3-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb aa75d1418a79556ed156f7887c7b254c 225568 libdevel optional libnss3-dev_3.28.4-0ubuntu0.16.04.6_arm64.deb 4055e03bc86a544fff02d301b69cd9c2 2702666 admin extra libnss3-tools-dbgsym_3.28.4-0ubuntu0.16.04.6_arm64.ddeb 5506a9d393e360189b8d2b21c2eb5d28 728998 admin optional libnss3-tools_3.28.4-0ubuntu0.16.04.6_arm64.deb 4e0a02a0534eae10cf1c139d3cf9ffcc 944140 libs optional libnss3_3.28.4-0ubuntu0.16.04.6_arm64.deb Original-Maintainer: Maintainers of Mozilla-related packages