-
nss (2:3.68-1ubuntu1.2) impish-security; urgency=medium
* SECURITY UPDATE: Crash when handling empty pkcs7 sequence
- debian/patches/CVE-2022-22747.patch: check for missing signedData
field in nss/gtests/certdb_gtest/decode_certs_unittest.cc,
nss/lib/pkcs7/certread.c.
- CVE-2022-22747
* SECURITY UPDATE: Free of uninitialized pointer in lg_init
- debian/patches/CVE-2022-34480.patch: rearrange frees in
nss/lib/softoken/legacydb/lginit.c.
- CVE-2022-34480
-- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 07:22:18 -0400
-
nss (2:3.68-1ubuntu1.1) impish-security; urgency=medium
* SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded
signatures
- debian/patches/CVE-2021-43527.patch: check signature lengths in
nss/lib/cryptohi/secvfy.c.
- CVE-2021-43527
-- Marc Deslauriers <email address hidden> Mon, 29 Nov 2021 07:12:54 -0500
-
nss (2:3.68-1ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: Make freebl3 available as library. (LP #1744328)
- d/control: Add dh-exec to Build-Depends.
- d/rules: Make mkdir tolerate debian/tmp existing (due to dh-exec).
- d/p/disable_fips_enabled_read.patch: Disable reading fips_enabled flag
in FIPS mode as libnss is not a FIPS certified library. (LP #1837734)
- d/p/set-tls1.2-as-minimum.patch: Set TLSv1.2 as minimum TLS version.
(LP #1856428)
- d/libnss3.links.in: Symlink chk files to fix self-verification in
FIPS mode. (LP #1885562)
- d/p/fix-ftbfs-s390x.patch: Fix some uninitialized variable warnings
and format overflows for s390x.
- d/p/fix-ftbfs-glibc-invalid-oob-error.patch: Disable non-null error
checking on call to getcwd since this results in an erroneous warning
that causes the build to fail otherwise.
* New changes:
- d/rules: Disable LTO on s390x for now. (LP #1931104)
-- Paride Legovini <email address hidden> Wed, 28 Jul 2021 15:27:12 +0200
-
nss (2:3.63-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/libnss3.links: make freebl3 available as library (LP #1744328)
- d/control: add dh-exec to Build-Depends
- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
- Disable reading fips_enabled flag in FIPS mode. libnss is
not a FIPS certified library. (LP #1837734)
- Set TLSv1.2 as minimum TLS version. LP #1856428
- Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
- debian/patches/fix-ftbfs-s390x.patch: fix some uninitialized
variable warnings and format overflows for s390x.
- debian/patches/fix-ftbfs-glibc-invalid-oob-error.patch: Disable
non-null error checking on call to getcwd since this results in an
erroneous warning that causes the build to fail otherwise
-- Gianfranco Costamagna <email address hidden> Mon, 29 Mar 2021 20:54:57 +0200
-
nss (2:3.61-1ubuntu2) hirsute; urgency=medium
* No change rebuild with fixed ownership.
-- Dimitri John Ledkov <email address hidden> Tue, 16 Feb 2021 15:18:55 +0000
