-
nss (2:3.28.4-0ubuntu0.16.10.2) yakkety-security; urgency=medium
* SECURITY UPDATE: DoS via empty SSLv2 messages
- debian/patches/CVE-2017-7502.patch: reject broken v2 records in
nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
- CVE-2017-7502
-- Marc Deslauriers <email address hidden> Fri, 16 Jun 2017 08:13:22 -0400
-
nss (2:3.28.4-0ubuntu0.16.10.1) yakkety-security; urgency=medium
* Updated to upstream 3.28.4 to fix security issues and get a new CA
certificate bundle.
* SECURITY UPDATE: DES and Triple DES ciphers birthday attack
- CVE-2016-2183
* SECURITY UPDATE: out-of-bounds write in Base64 decoding
- CVE-2017-5461
* debian/patches/*.patch: refreshed for new version.
* debian/control: bump libnspr4-dev to 4.13.1.
* debian/libnss3.symbols: added new symbols.
-- Marc Deslauriers <email address hidden> Wed, 26 Apr 2017 10:25:43 -0400
-
nss (2:3.26.2-0ubuntu0.16.10.1) yakkety-security; urgency=medium
* Updated to upstream 3.26.2 to fix a security issue.
* SECURITY UPDATE: insufficient mitigation of timing side-channel attack
- CVE-2016-9074
* debian/libnss3.symbols: add SSL_GetCipherSuiteInfo and
SSL_GetChannelInfo as they are not backwards compatible.
-- Marc Deslauriers <email address hidden> Fri, 02 Dec 2016 09:05:09 -0500
-
nss (2:3.26-1ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes:
- When building with -O3, build with -Wno-error=maybe-uninitialized.
nss (2:3.26-1) unstable; urgency=medium
* New upstream release.
* debian/watch: Update such that uscan --download-version works.
* debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the
libnss3-1d* transitional packages.
* debian/rules:
- Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292.
- Override KERNEL when cross building for a different OS. Closes: #810579.
* debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido Günther.
Closes: #806634.
-- Matthias Klose <email address hidden> Tue, 06 Sep 2016 14:39:56 +0200
-
nss (2:3.26-1) unstable; urgency=medium
* New upstream release.
* debian/watch: Update such that uscan --download-version works.
* debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the
libnss3-1d* transitional packages.
* debian/rules:
- Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292.
- Override KERNEL when cross building for a different OS. Closes: #810579.
* debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido Günther.
Closes: #806634.
-- Mike Hommey <email address hidden> Tue, 16 Aug 2016 16:33:15 +0900
-
nss (2:3.25-1ubuntu1) yakkety; urgency=medium
* When building with -O3, build with -Wno-error=maybe-uninitialized.
-- Matthias Klose <email address hidden> Thu, 04 Aug 2016 11:36:54 +0200
-
nss (2:3.25-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols, debian/rules: Add the new libfreeblpriv3 library.
* debian/libnss3.symbols: Add NSS_3.24 and NSSUTIL_3.24 symbol versions.
-- Mike Hommey <email address hidden> Wed, 03 Aug 2016 10:23:13 +0900
-
nss (2:3.23-2) unstable; urgency=medium
* debian/control, debian/rules: Leave it to dh_makeshlibs to do the right
thing wrt ldconfig. This requires debhelper 9.20160403. Closes: #811124.
-- Mike Hommey <email address hidden> Sun, 03 Apr 2016 18:29:02 +0900
-
nss (2:3.21-1ubuntu4) xenial; urgency=medium
* SECURITY UPDATE: buffer overflow during ASN.1 decoding
- debian/patches/CVE-2016-1950.patch: check lengths in
nss/lib/util/secasn1d.c.
- CVE-2016-1950
-- Marc Deslauriers <email address hidden> Wed, 09 Mar 2016 07:35:32 -0500