nss 2:3.35-2ubuntu2.3 source package in Ubuntu
Changelog
nss (2:3.35-2ubuntu2.3) bionic-security; urgency=medium
* SECURITY UPDATE: OOB read when importing a curve25519 private key
- debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
leading 0's from key material during PKCS11 import in
nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
- CVE-2019-11719
* SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
- debian/patches/CVE-2019-11729-1.patch: more thorough input checking
in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
- debian/patches/CVE-2019-11729-2.patch: ignore spki decode failures on
negative tests in nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc.
- CVE-2019-11729
-- Marc Deslauriers <email address hidden> Fri, 12 Jul 2019 08:16:27 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| nss_3.35.orig.tar.gz | 9.2 MiB | f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa |
| nss_3.35-2ubuntu2.3.debian.tar.xz | 41.4 KiB | a820d8a823193a05aef7ee3534695f41e37173ee98967ab128f6ba67eb2958c5 |
| nss_3.35-2ubuntu2.3.dsc | 2.3 KiB | e2df435da3243286feb02c6d9449db9a5cf0e97fc7c5f562577f241bb558f4b3 |
Available diffs
Binary packages built by this source
- libnss3: Network Security Service libraries
This is a set of libraries designed to support cross-platform development
of security-enabled client and server applications. It can support SSLv2
and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
other security standards.
- libnss3-dbg: Debugging symbols for the Network Security Service libraries
This is a set of libraries designed to support cross-platform development
of security-enabled client and server applications. It can support SSLv2
and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
other security standards.
.
This package provides the debugging symbols for the library.
- libnss3-dev: Development files for the Network Security Service libraries
This is a set of libraries designed to support cross-platform development
of security-enabled client and server applications. It can support SSLv2
and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
other security standards.
.
Install this package if you wish to develop your own programs using the
Network Security Service Libraries.
- libnss3-tools: Network Security Service tools
This is a set of tools on top of the Network Security Service libraries.
This package includes:
* certutil: manages certificate and key databases (cert7.db and key3.db)
* modutil: manages the database of PKCS11 modules (secmod.db)
* pk12util: imports/exports keys and certificates between the cert/key
databases and files in PKCS12 format.
* shlibsign: creates .chk files for use in FIPS mode.
* signtool: creates digitally-signed jar archives containing files and/or
code.
* ssltap: proxy requests for an SSL server and display the contents of
the messages exchanged between the client and server.
