-
nss (3.12.9+ckbi-1.82-0ubuntu2.2) natty-security; urgency=low
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
nss/mozilla/security/nss/lib/util/quickder.c.
- CVE-2012-0441
* debian/rules: added a workaround to get package built on more recent
kernels.
-- Marc Deslauriers <email address hidden> Mon, 30 Jul 2012 14:25:20 -0400
-
nss (3.12.9+ckbi-1.82-0ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/nss/lib/ckfw/builtins/certdata.*:
Explicitely distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/nss/lib/ckfw/builtins/certdata.*:
Remove DigiNotar Root CA.
-- Micah Gersten <email address hidden> Wed, 07 Sep 2011 15:15:37 -0500
-
nss (3.12.9+ckbi-1.82-0ubuntu2) natty; urgency=low
* add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713)
-- Michael Vogt <email address hidden> Wed, 20 Apr 2011 13:45:50 +0200
-
nss (3.12.9+ckbi-1.82-0ubuntu1) natty; urgency=low
* New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_CKBI_1_82_RTM )
-- Chris Coulson <email address hidden> Thu, 24 Mar 2011 22:30:28 +0000
-
nss (3.12.9~b2-0ubuntu1) natty; urgency=low
* New upstream release v3.12.9beta2 (NSS_3_12_9_BETA2)
* Drop the link shuffeling now, as all upgraders to this version will be
using a fixed package anyway
- remove debian/libnss3-1d.postinst
- remove debian/libnss3-1d.postrm
- remove debian/libnss3-1d.preinst
- remove debian/libnss3-1d.prerm
* Ship the main SO files in an unversioned binary, as we don't have
versioned SO's in Ubuntu. Maintain a transitional versioned binary
package containing the versioned symlinks, to maintain compatibility with
Debian
- update debian/control
- mass rename debian/libnss3-1d* => debian/libnss3*
- update debian/rules
* Fix postinst-must-call-ldconfig - dh_makeshlibs doesn't seem to add
the maintainer script hooks with the unversioned SO files, so add them
manually
- add debian/libnss3.postinst
- add debian/libnss3.postrm
* Drop libnss3-0d now
- remove debian/libnss3-0d.dirs
- remove debian/libnss3-0d.links
- update debian/control
* Bump libnspr4-dev build-dependency to 4.8.7
- update debian/control
* Update symbols
- update debian/libnss3.symbols
-- Chris Coulson <email address hidden> Tue, 11 Jan 2011 17:06:57 -0600
-
nss (3.12.8-0ubuntu0.10.10.1) maverick-security; urgency=low
* New upstream release v3.12.8 (NSS_3_12_8_RTM)
- Fix browser wildcard certificate validation issue
- Update root certs
- Fix SSL deadlocks
* Refresh patches:
- update debian/patches/38_kbsd.patch
- update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch
-- Chris Coulson <email address hidden> Mon, 04 Oct 2010 22:29:19 +0100
-
nss (3.12.7-0ubuntu1) maverick; urgency=low
* New upstream release v3.12.7 (NSS_3_12_7_RTM)
* Fix some lintian warnings
- update debian/rules
- update debian/control
- udpate debian/copyright
- update debian/libnss3-1d.postinst
- update debian/libnss3-1d.postrm
- update debian/libnss3-1d.preinst
- update debian/libnss3-1d.prerm
* Bump minimum nspr version to 4.8.6
- update debian/control
* Add new API to symbols file
- update debian/libnss3-1d.symbols
-- Chris Coulson <email address hidden> Wed, 25 Aug 2010 16:37:04 +0100
