Accepted nss 2:3.42.1-1+deb10u6 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted nss 2:3.42.1-1+deb10u6 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 20 Feb 2023 14:40:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: nss_3.42.1-1+deb10u6_source.changes
- Debian-source: nss
- Debian-suite: oldstable
- Debian-version: 2:3.42.1-1+deb10u6
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pU7L1-009VHk-C5@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 20 Feb 2023 15:22:12 CET
Source: nss
Architecture: source
Version: 2:3.42.1-1+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
532be164a626ce554833bd436a0b77fb4a12980d 2346 nss_3.42.1-1+deb10u6.dsc
6c7adec20c592881aaf802bdcb92c68972251f0e 204436 nss_3.42.1-1+deb10u6.debian.tar.xz
a8cef25bc073cf53ebc11b2844ede36bae8814a2 7058 nss_3.42.1-1+deb10u6_amd64.buildinfo
Checksums-Sha256:
56e375356737c19e6d1bd6d3d7a37a2aaec84634f31af603458dd544edc45f0d 2346 nss_3.42.1-1+deb10u6.dsc
65de9b02bed0b63d2b5e7e61e61aebf426cfd64143c01b6d659af4543aa99d10 204436 nss_3.42.1-1+deb10u6.debian.tar.xz
63e80a7f6f117ee43d16c557785657e39dc0014fbeb46ae128d47f6c3d0c109e 7058 nss_3.42.1-1+deb10u6_amd64.buildinfo
Changes:
nss (2:3.42.1-1+deb10u6) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12403 and
CVE-2023-0767.
Multiple security vulnerabilities have been discovered in nss, the
Network Security Service libraries.
CVE-2020-6829:
When performing EC scalar point multiplication, the wNAF point
multiplication algorithm was used, which leaked partial information about
the nonce used during signature generation. Given an electro-magnetic trace
of a few signature generations, the private key could have been computed.
CVE-2020-12400:
When converting coordinates from projective to affine, the modular
inversion was not performed in constant time, resulting in a possible
timing-based side channel attack.
CVE-2020-12401:
During ECDSA signature generation, padding applied in the nonce designed to
ensure constant-time scalar multiplication was removed, resulting in
variable-time execution dependent on secret data.
CVE-2020-12403:
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in
versions before 3.55. When using multi-part ChaCha20, it could cause
out-of-bounds reads. This issue was fixed by explicitly disabling
multi-part ChaCha20 (which was not functioning correctly) and strictly
enforcing tag length.
CVE-2023-0767:
Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
attributes may result in execution of arbitrary code if a specially crafted
PKCS 12 certificate bundle is processed.
Files:
3a3f635f89e36c4fae969335af2fea36 2346 libs optional nss_3.42.1-1+deb10u6.dsc
5ca76950032697c23e8632e985574881 204436 libs optional nss_3.42.1-1+deb10u6.debian.tar.xz
800f0ba286dc92b934d32d55e23902b3 7058 libs optional nss_3.42.1-1+deb10u6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----