[ubuntu/focal-security] nss 2:3.49.1-1ubuntu1.7 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Wed May 11 07:32:13 UTC 2022
nss (2:3.49.1-1ubuntu1.7) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service through ChangeCipherSpec
- debian/patches/CVE-2020-25648-1.patch: reject CCS when
compatibility is not specify or if many CCS in a row in
nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
- debian/patches/CVE-2020-25648-2.patch: reject multiple CCS
packages but allow the first one in
nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
- CVE-2020-25648
Date: 2022-05-10 13:12:21.678597+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.49.1-1ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list