[ubuntu/focal-updates] nss 2:3.49.1-1ubuntu1.4 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Aug 10 18:28:29 UTC 2020


nss (2:3.49.1-1ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

nss (2:3.49.1-1ubuntu1.3) focal; urgency=medium

  * Symlink chk files to fix self-verification in FIPS mode (LP: #1885562)

Date: 2020-08-06 18:01:17.721730+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nss/2:3.49.1-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list