Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 121e7aee by Markus Koschany at 2023-02-20T16:11:24+01:00 Reserve DLA-3327-1 for nss - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -211474,7 +211474,6 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...) {DLA-2388-1} - nss 2:3.55-1 - [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 @@ -211488,7 +211487,6 @@ CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce {DLA-2388-1} - firefox 80.0-1 - nss 2:3.55-1 - [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes @@ -211497,7 +211495,6 @@ CVE-2020-12400 (When converting coordinates from projective to affine, the modul {DLA-2388-1} - firefox 80.0-1 - nss 2:3.55-1 - [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes @@ -227156,7 +227153,6 @@ CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point mu {DLA-2388-1} - firefox 80.0-1 - nss 2:3.55-1 - [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[20 Feb 2023] DLA-3327-1 nss - security update + {CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2023-0767} + [buster] - nss 2:3.42.1-1+deb10u6 [20 Feb 2023] DLA-3326-1 isc-dhcp - security update [buster] - isc-dhcp 4.4.1-2+deb10u3 [20 Feb 2023] DLA-3325-1 openssl - security update ===================================== data/dla-needed.txt ===================================== @@ -199,10 +199,6 @@ nodejs NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster. NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html -- -nss (Markus Koschany) - NOTE: 20230219: Programming language: C. - NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git --- nvidia-graphics-drivers NOTE: 20221225: Programming language: binary blob. NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits