[ubuntu/focal-updates] nss 2:3.98-0ubuntu0.20.04.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Apr 10 14:58:26 UTC 2024


nss (2:3.98-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to upstream 3.98 to fix security issues and get a new CA
    certificate bundle.
    - CVE-2023-4421: PKCS#1 v1.5 Bleichenbacher-like attack
    - CVE-2023-5388: timing issue in RSA operations
    - CVE-2023-6135: side-channel in multiple NSS NIST curves
  * Removed patches included in new version:
    - debian/patches/set-tls1.2-as-minimum.patch
    - debian/patches/bz1608327-freebl-arm
    - debian/patches/CVE-*.patch
  * Updated patches for new version:
    - debian/patches/38_hppa.patch
    - debian/patches/85_security_load.patch
    - debian/patches/disable_fips_enabled_read.patch
  * debian/control: bump libnspr version to 2:4.34.
  * debian/libnss3.symbols: added new symbols.

Date: 2024-03-25 14:13:16.197350+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.98-0ubuntu0.20.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list