Accepted nss 2:3.26.2-1.1+deb9u2 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Sep 2020 16:33:20 +0300
Source: nss
Binary: libnss3 libnss3-tools libnss3-dev libnss3-dbg
Architecture: source
Version: 2:3.26.2-1.1+deb9u2
Distribution: stretch-security
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 libnss3 - Network Security Service libraries
 libnss3-dbg - Debugging symbols for the Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Changes:
 nss (2:3.26.2-1.1+deb9u2) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2018-12404: Cache side-channel variant of the
     Bleichenbacher attack.
   * CVE-2018-18508: NULL pointer dereference in several CMS functions
     resulting in a denial of service.
   * CVE-2019-11719: Out-of-bounds read when importing curve25519
     private key.
   * CVE-2019-11729: Empty or malformed p256-ECDH public keys may
     trigger a segmentation fault.
   * CVE-2019-11745: Out-of-bounds write when encrypting with
     a block cipher.
   * CVE-2019-17006: Some cryptographic primitives did not check the
     length of the input text, potentially resulting in overflows.
   * CVE-2019-17007: Handling of Netscape Certificate Sequences
     may crash with a NULL deref leading to a denial of service.
   * CVE-2020-12399: Force a fixed length for DSA exponentiation.
   * CVE-2020-6829, CVE-2020-12400: Side channel attack on ECDSA
     signature generation.
   * CVE-2020-12401: ECDSA timing attack mitigation bypass.
   * CVE-2020-12402: Side channel vulnerabilities during
     RSA key generation.
   * CVE-2020-12403: CHACHA20-POLY1305 decryption with undersized tag
     leads to out-of-bounds read.
Checksums-Sha1:
 f583344d50e7b18e77334a02a284c6250a4ef808 2276 nss_3.26.2-1.1+deb9u2.dsc
 40c178e9aa416b76c169a1f425d4852d56fa1232 7388390 nss_3.26.2.orig.tar.gz
 963b2c84b96aadb627553e4c03317644f79be929 249836 nss_3.26.2-1.1+deb9u2.debian.tar.xz
Checksums-Sha256:
 84a4159632a2a585a85313a3a474e393672593aa45fb4025bd198e5cc30e68cf 2276 nss_3.26.2-1.1+deb9u2.dsc
 13a40a2f97edf5fab3d4c7fdd928e77df36dc539cd8354b6b5d79ab93a131a5a 7388390 nss_3.26.2.orig.tar.gz
 7f0a5199349c5b1b8e961b6aa14530c31715126a6cac8eaeb3675fd20796a374 249836 nss_3.26.2-1.1+deb9u2.debian.tar.xz
Files:
 046708f5fae1abe2a8b0372fe506676c 2276 libs optional nss_3.26.2-1.1+deb9u2.dsc
 643b46c81a1235a81459d853a084e401 7388390 libs optional nss_3.26.2.orig.tar.gz
 640f8cfc78fc736cb9f83d367bcbda6b 249836 libs optional nss_3.26.2-1.1+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----