Change logs for nss source package in Quantal

  • nss (3.15.4-0ubuntu0.12.10.2) quantal-security; urgency=medium
    
      * SECURITY UPDATE: incorrect IDNA wildcard handling
        - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
          nss/lib/certdb/certdb.c.
        - CVE-2014-1492
      * No longer ship cacert.org certificates. (LP: #1258286)
        - removed debian/patches/95_add_spi+cacert_ca_certs.patch
        - added debian/patches/95_add_spi_certs.patch
     -- Marc Deslauriers <email address hidden>   Wed, 02 Apr 2014 10:21:09 -0400
  • nss (3.15.4-0ubuntu0.12.10.1) quantal-security; urgency=medium
    
      * SECURITY UPDATE: MITM attack via TLS False Start
        - CVE-2013-1740
      * Adjusted packaging for new upstream release 3.15.4:
        - debian/patches/*: refreshed.
        - debian/libnss3.symbols: added new symbols.
     -- Marc Deslauriers <email address hidden>   Wed, 22 Jan 2014 15:16:14 -0500
  • nss (3.15.3.1-0ubuntu0.12.10.1) quantal-security; urgency=low
    
      * SECURITY UPDATE: New upstream release (LP: #1263135)
        - Distrusts AC DG Tresor SSL CA
     -- Marc Deslauriers <email address hidden>   Fri, 20 Dec 2013 10:51:11 -0500
  • nss (3.15.3-0ubuntu0.12.10.1) quantal-security; urgency=low
    
      * SECURITY UPDATE: New upstream release to fix multiple security issues
        and add TLSv1.2 support.
        - CVE-2013-1739
        - CVE-2013-1741
        - CVE-2013-5605
        - CVE-2013-5606
      * Adjusted packaging for 3.15.3:
        - debian/patches/*: refreshed.
        - debian/patches/lower-dhe-priority.patch: removed, no longer needed,
          was a workaround for an old version of Firefox.
        - debian/libnss3.symbols: added new symbols.
        - debian/rules: updated for new source layout.
     -- Marc Deslauriers <email address hidden>   Thu, 14 Nov 2013 14:58:07 -0500
  • nss (3.14.3-0ubuntu0.12.10.1) quantal-security; urgency=low
    
      * SECURITY UPDATE: New upstream release to fix TLS timing side-channel
        attacks
        - CVE-2013-1620
      * Remaining changes:
        - 94_ckbi-1.93.patch: Dropped (included upstream)
        - 38_hurd.patch: refresh
        - 38_kbsd.patch: refresh/update
        - 80_security_tools.patch
        - 85_security_load.patch
        - 95_add_spi+cacert_ca_certs.patch
        - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
        - lower-dhe-priority.patch
      * debian/libnss3.symbols: add NSS_3.14.3 symbols
     -- Jamie Strandboge <email address hidden>   Wed, 13 Mar 2013 11:15:25 -0500
  • nss (3.14.1-0ckbi1.93ubuntu.0.12.10.1) quantal-security; urgency=low
    
      * New upstream release. Dropped the following patches:
        - debian/patches/90_realpath.patch (included upstream)
        - debian/patches/91_build_pwdecrypt.patch (included upstream)
        - debian/patches/96_NSS_VersionCheck.patch (included upstream)
        - debian/patches/98_fix_header_error.patch (included upstream)
        - debian/patches/protect-against-calls-before-nss_init.patch (included
          upstream)
        - debian/patches/CVE-2012-0441.patch (included upstream)
      * debian/patches/38_hurd.patch: refresh
      * debian/patches/38_kbsd.patch: refresh/update based on Debian
      * debian/patches/80_security_tools.patch: refresh
      * debian/patches/85_security_load.patch: refresh
      * debian/patches/95_add_spi+cacert_ca_certs.patch: updated
      * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh
      * debian/patches/lower-dhe-priority.patch: refresh/update based on Debian
      * SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
        - debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using
          mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and
          updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this
          before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean
          and underscores that SPI and CACERT are not part of upstream Roots.
        - CVE-2013-0743
      * debian/libnss3.symbols: add NSS_3.13.2, NSS_3.14, NSS_3.14.1, and
        NSSUTIL_3.14 symbols
     -- Jamie Strandboge <email address hidden>   Thu, 10 Jan 2013 16:41:16 -0600
  • nss (3.13.1.with.ckbi.1.88-1ubuntu7) quantal-proposed; urgency=low
    
      * SECURITY UPDATE: denial of service in QuickDER decoder
        - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
          constraints and zero-length fields in
          nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
          nss/mozilla/security/nss/lib/util/quickder.c.
        - CVE-2012-0441
     -- Marc Deslauriers <email address hidden>   Thu, 16 Aug 2012 10:57:28 -0400
  • nss (3.13.1.with.ckbi.1.88-1ubuntu6) precise; urgency=low
    
      * Add protect-against-calls-before-nss_init.patch (RHBZ #784672).
     -- Timo Aaltonen <email address hidden>   Mon, 27 Feb 2012 14:45:29 +0200