Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
121e7aee by Markus Koschany at 2023-02-20T16:11:24+01:00
Reserve DLA-3327-1 for nss
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -211474,7 +211474,6 @@ CVE-2020-12404 (For native-to-JS bridging the app
requires a unique token to be
CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented
in NSS i ...)
{DLA-2388-1}
- nss 2:3.55-1
- [buster] - nss <no-dsa> (Minor issue)
NOTE:
https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
NOTE:
https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
@@ -211488,7 +211487,6 @@ CVE-2020-12401 (During ECDSA signature generation,
padding applied in the nonce
{DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
- [buster] - nss <no-dsa> (Minor issue)
NOTE:
https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
NOTE:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
@@ -211497,7 +211495,6 @@ CVE-2020-12400 (When converting coordinates from
projective to affine, the modul
{DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
- [buster] - nss <no-dsa> (Minor issue)
NOTE:
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
NOTE:
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
NOTE:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
@@ -227156,7 +227153,6 @@ CVE-2020-6829 (When performing EC scalar point
multiplication, the wNAF point mu
{DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
- [buster] - nss <no-dsa> (Minor issue)
NOTE:
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
NOTE:
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
NOTE:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Feb 2023] DLA-3327-1 nss - security update
+ {CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403
CVE-2023-0767}
+ [buster] - nss 2:3.42.1-1+deb10u6
[20 Feb 2023] DLA-3326-1 isc-dhcp - security update
[buster] - isc-dhcp 4.4.1-2+deb10u3
[20 Feb 2023] DLA-3325-1 openssl - security update
=====================================
data/dla-needed.txt
=====================================
@@ -199,10 +199,6 @@ nodejs
NOTE: 20221105: Source code not checked. It may be so that the vulnerability
is not present in buster.
NOTE: 20221209: Testsuite:
https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
--
-nss (Markus Koschany)
- NOTE: 20230219: Programming language: C.
- NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git
---
nvidia-graphics-drivers
NOTE: 20221225: Programming language: binary blob.
NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
