Format: 1.8 Date: Fri, 12 Jul 2019 07:48:06 -0400 Source: nss Binary: libnss3 libnss3-dev libnss3-tools Architecture: amd64 Version: 2:3.42-1ubuntu2.1 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libnss3 - Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.42-1ubuntu2.1) disco-security; urgency=medium . * SECURITY UPDATE: OOB read when importing a curve25519 private key - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip leading 0's from key material during PKCS11 import in nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c, nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c, nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c. - CVE-2019-11719 * SECURITY UPDATE: incorrect use of PKCS#1 v1.5 signatures with TLSv1.3 - debian/patches/CVE-2019-11727.patch: prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 in nss/gtests/ssl_gtest/ssl_auth_unittest.cc, nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc, nss/gtests/ssl_gtest/ssl_extension_unittest.cc, nss/lib/ssl/ssl3con.c. - CVE-2019-11727 * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys - debian/patches/CVE-2019-11729-1.patch: more thorough input checking in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c, nss/lib/freebl/ec.c, nss/lib/util/quickder.c. - debian/patches/CVE-2019-11729-2.patch: ignore spki decode failures on negative tests in nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc. - CVE-2019-11729 Checksums-Sha1: f0a879eb87dfef8052cbf3f2bd13e034bd585e9f 4870804 libnss3-dbgsym_3.42-1ubuntu2.1_amd64.ddeb 78a106952a2b54440eb4a60ea706d3318279e4f5 224736 libnss3-dev_3.42-1ubuntu2.1_amd64.deb 748b32902b5e8ae51c8be586c18fea93dc4f5b27 6087104 libnss3-tools-dbgsym_3.42-1ubuntu2.1_amd64.ddeb 90ca10b09b7b985a26d74403378bdff16c16425e 874364 libnss3-tools_3.42-1ubuntu2.1_amd64.deb 223163226ec0e698bfc471074a2153fa6d734183 1146400 libnss3_3.42-1ubuntu2.1_amd64.deb 9ecb526ec7202ea5af04a928d37967dd63d9928d 6191 nss_3.42-1ubuntu2.1_amd64.buildinfo Checksums-Sha256: 7583644bcc5055214dd31a9d8fd5713a06c68e84e2f8737ecfa25f9c3fb010a7 4870804 libnss3-dbgsym_3.42-1ubuntu2.1_amd64.ddeb cf6ae02c30501b802c62bd8ed162b2f22789e7ec668176fa82b83c36ea29f459 224736 libnss3-dev_3.42-1ubuntu2.1_amd64.deb ffbde765b8ebc5239695db1fe652446e56a65fb2876122b359b04b2de7f62cbc 6087104 libnss3-tools-dbgsym_3.42-1ubuntu2.1_amd64.ddeb 8c972da74cf313f470fcaae1f58d6c8bba93ec89068af899693b0a3bfb26bd42 874364 libnss3-tools_3.42-1ubuntu2.1_amd64.deb 599200b2a246c52a536daa2fabf48f30a236b8928f3ee01c5c9a667de50172f5 1146400 libnss3_3.42-1ubuntu2.1_amd64.deb 50ac09d9035093c76bcc5a8ae3a1abdb3c3814aee1652da686bf6175880a6322 6191 nss_3.42-1ubuntu2.1_amd64.buildinfo Files: 1834ed8bdcbcbbfad7b345fabed2ebe7 4870804 debug optional libnss3-dbgsym_3.42-1ubuntu2.1_amd64.ddeb bfaaa311a1db924c446c5169dcb9633c 224736 libdevel optional libnss3-dev_3.42-1ubuntu2.1_amd64.deb 8601d5a0ca7b8a7d84c2846e2c5a30a0 6087104 debug optional libnss3-tools-dbgsym_3.42-1ubuntu2.1_amd64.ddeb b1ffc78dc92d53e7570bf139e9c94747 874364 admin optional libnss3-tools_3.42-1ubuntu2.1_amd64.deb eb17b962a9dd9ab713481c2891b410f8 1146400 libs optional libnss3_3.42-1ubuntu2.1_amd64.deb bd7adaefadef4fca6d442e44f9b3f555 6191 libs optional nss_3.42-1ubuntu2.1_amd64.buildinfo Original-Maintainer: Maintainers of Mozilla-related packages