UbuntuUpdates.org

Package "libnss3-tools"

Name: libnss3-tools

Description:

Network Security Service tools

Latest version: 2:3.28.4-0ubuntu0.12.04.11
Release: precise (12.04)
Level: updates
Repository: universe
Head package: nss
Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/

Links


Download "libnss3-tools"


Other versions of "libnss3-tools" in Precise

Repository Area Version
base universe 3.13.1.with.ckbi.1.88-1ubuntu6
security universe 2:3.28.4-0ubuntu0.12.04.11

Changelog

Version: 2:3.28.4-0ubuntu0.12.04.11 2021-05-03 16:06:23 UTC

  nss (2:3.28.4-0ubuntu0.12.04.11) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12403-2.patch: fix incorrect call to ChaChaPoly1305 by PKCS11
      in nss/lib/freebl/chacha20poly1305.c.
    - CVE-2020-12403

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 24 Aug 2020 15:58:35 -0300

Source diff to previous version

Version: 2:3.26.2-0ubuntu0.12.04.1 2017-01-04 18:06:41 UTC

  nss (2:3.26.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: disable tests that fail to build with old GCC.
  * debian/patches/disable_chacha_test.patch: removed, no longer required.

 -- Marc Deslauriers <email address hidden> Fri, 02 Dec 2016 13:27:18 -0500

Source diff to previous version
CVE-2016-8635 small-subgroups attack flaw
CVE-2016-9074 existing mitigation of timing side-channel attacks insufficient

Version: 2:3.23-0ubuntu0.12.04.1 2016-07-11 20:06:54 UTC

  nss (2:3.23-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/disable_chacha_test.patch: disable test incompatible
    with precise's old gcc.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden> Thu, 07 Jul 2016 14:46:46 -0400

Source diff to previous version
CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (me
CVE-2016-1950 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox

Version: 2:3.21-0ubuntu0.12.04.3 2016-03-09 18:06:53 UTC

  nss (2:3.21-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden> Wed, 09 Mar 2016 07:38:47 -0500

Source diff to previous version

Version: 2:3.21-0ubuntu0.12.04.2 2016-02-23 18:06:54 UTC

  nss (2:3.21-0ubuntu0.12.04.2) precise-security; urgency=medium

  * debian/rules: fix versioning since the last update incorrectly added
    an epoch. (LP: #1547147)

 -- Marc Deslauriers <email address hidden> Mon, 22 Feb 2016 10:10:25 -0500

1547147 libnss3-dev adds epoch 2 to the Version in pkg-config's pc file



About   -   Send Feedback to @ubuntu_updates