[ubuntu/jammy-proposed] nss 2:3.68-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Dec 1 18:26:19 UTC 2021
nss (2:3.68-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded
signatures
- debian/patches/CVE-2021-43527.patch: check signature lengths in
nss/lib/cryptohi/secvfy.c.
- CVE-2021-43527
Date: Mon, 29 Nov 2021 07:12:54 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/nss/2:3.68-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 29 Nov 2021 07:12:54 -0500
Source: nss
Built-For-Profiles: noudeb
Architecture: source
Version: 2:3.68-1ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
nss (2:3.68-1ubuntu2) jammy; urgency=medium
.
* SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded
signatures
- debian/patches/CVE-2021-43527.patch: check signature lengths in
nss/lib/cryptohi/secvfy.c.
- CVE-2021-43527
Checksums-Sha1:
2d4303ba3eed97fd8471d96d43d2d21eeebcfc0d 2262 nss_3.68-1ubuntu2.dsc
c7ce54fd9fd8c8af6e3d12ec61471f5bb086b26a 28152 nss_3.68-1ubuntu2.debian.tar.xz
bdfbea64806e576c7ac05ece05533e450d862f77 6349 nss_3.68-1ubuntu2_source.buildinfo
Checksums-Sha256:
671a6a59461f02b4a3b2bebafef35853d231b116c4a2ddd44530c3e95078d5ce 2262 nss_3.68-1ubuntu2.dsc
f6813fd9e55bf4ef061934704ab90027ed5b1158f8a63749a4d5f5561845a3b1 28152 nss_3.68-1ubuntu2.debian.tar.xz
5a56190faa516f9529237e3908e7834b4f8edb0b2ca7c6434526510b8dd79e20 6349 nss_3.68-1ubuntu2_source.buildinfo
Files:
ccb4a4e54145325e363d2c9e1455a240 2262 libs optional nss_3.68-1ubuntu2.dsc
7fb2673bee75826bcbf6eec2e255549f 28152 libs optional nss_3.68-1ubuntu2.debian.tar.xz
4917ff04c8be894a2b9ac2b1cdbeed30 6349 libs optional nss_3.68-1ubuntu2_source.buildinfo
Original-Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla at tracker.debian.org>
More information about the jammy-changes
mailing list