Format: 1.8
Date: Tue, 29 Mar 2016 11:57:06 -0400
Source: nss
Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg
Architecture: source amd64
Version: 2:3.14.5-1+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 libnss3 - Network Security Service libraries
 libnss3-1d - Network Security Service libraries - transitional package
 libnss3-dbg - Debugging symbols for the Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Changes:
 nss (2:3.14.5-1+deb7u6) wheezy-security; urgency=high
 .
   [ Guido Günther ]
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7182.patch:
     CVE-2015-7182: Heap-based buffer overflow in the ASN.1 decoder
   * Add CVE-2015-7181.patch:
     CVE-2015-7181: The sec_asn1d_parse_leaf function improperly restricts
     access to an unspecified data structure
   * Add autopkgtest for certificate generation/signing and library linking
 .
   [ Antoine Beaupré ]
   * Add CVE-2016-1938.patch, ported from squeeze:
     CVE-2016-1938: The s_mp_div function in lib/freebl/mpi/mpi.c
     improperly divides numbers, which might make it easier for remote
     attackers to defeat cryptographic protection mechanisms
   * Add CVE-2016-1950.patch:
     CVE-2016-1950: Heap-based buffer overflow allows remote attackers to
     execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
   * Add CVE-2016-1978.patch:
     CVE-2016-1978: Use-after-free vulnerability in the
     ssl3_HandleECDHServerKeyExchange function allows remote attackers to
     cause a denial of service or possibly have unspecified other impact by
     making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory
     consumption.
   * Add CVE-2016-1979.patch:
     CVE-2016-1979: Use-after-free vulnerability in the
     PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote
     attackers to cause a denial of service or possibly have unspecified
     other impact via crafted key data with DER encoding.