lp://staging/ubuntu/quantal-updates/nss
- Get this branch:
- bzr branch lp://staging/ubuntu/quantal-updates/nss
Branch merges
Related source package recipes
Branch information
Recent revisions
- 45. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect IDNA wildcard handling
- debian/patches/ CVE-2014- 1492.patch: conform to RFC 6125 in
nss/lib/certdb/ certdb. c.
- CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
- removed debian/patches/ 95_add_ spi+cacert_ ca_certs. patch
- added debian/patches/ 95_add_ spi_certs. patch - 44. By Marc Deslauriers
-
* SECURITY UPDATE: MITM attack via TLS False Start
- CVE-2013-1740
* Adjusted packaging for new upstream release 3.15.4:
- debian/patches/*: refreshed.
- debian/libnss3. symbols: added new symbols. - 43. By Marc Deslauriers
-
* SECURITY UPDATE: New upstream release (LP: #1263135)
- Distrusts AC DG Tresor SSL CA - 42. By Marc Deslauriers
-
* SECURITY UPDATE: New upstream release to fix multiple security issues
and add TLSv1.2 support.
- CVE-2013-1739
- CVE-2013-1741
- CVE-2013-5605
- CVE-2013-5606
* Adjusted packaging for 3.15.3:
- debian/patches/*: refreshed.
- debian/patches/ lower-dhe- priority. patch: removed, no longer needed,
was a workaround for an old version of firefox.
- debian/libnss3. symbols: added new symbols.
- debian/rules: updated for new source layout. - 41. By Jamie Strandboge
-
* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
attacks
- CVE-2013-1620
* Remaining changes:
- 94_ckbi-1.93.patch: Dropped (included upstream)
- 38_hurd.patch: refresh
- 38_kbsd.patch: refresh/update
- 80_security_tools.patch
- 85_security_load.patch
- 95_add_spi+cacert_ ca_certs. patch
- 97_SSL_RENEGOTIATE_ TRANSITIONAL. patch
- lower-dhe-priority. patch
* debian/libnss3. symbols: add NSS_3.14.3 symbols - 40. By Jamie Strandboge
-
* New upstream release. Dropped the following patches:
- debian/patches/ 90_realpath. patch (included upstream)
- debian/patches/ 91_build_ pwdecrypt. patch (included upstream)
- debian/patches/ 96_NSS_ VersionCheck. patch (included upstream)
- debian/patches/ 98_fix_ header_ error.patch (included upstream)
- debian/patches/ protect- against- calls-before- nss_init. patch (included
upstream)
- debian/patches/ CVE-2012- 0441.patch (included upstream)
* debian/patches/ 38_hurd. patch: refresh
* debian/patches/ 38_kbsd. patch: refresh/update based on Debian
* debian/patches/ 80_security_ tools.patch: refresh
* debian/patches/ 85_security_ load.patch: refresh
* debian/patches/ 95_add_ spi+cacert_ ca_certs. patch: updated
* debian/patches/ 97_SSL_ RENEGOTIATE_ TRANSITIONAL. patch: refresh
* debian/patches/ lower-dhe- priority. patch: refresh/update based on Debian
* SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
- debian/patches/ 94_ckbi- 1.9.patch: update to CKBI 1.93 by using
mozilla/security/ nss/lib/ ckfw/builtins/ certdata. txt from upstream and
updating mozilla/security/ nss/lib/ ckfw/builtins/ nssckbi. h. Apply this
before 95_add_spi+cacert_ ca_certs. patch since it keeps this patch clean
and underscores that SPI and CACERT are not part of upstream Roots.
- CVE-2013-0743
* debian/libnss3. symbols: add NSS_3.13.2, NSS_3.14, NSS_3.14.1, and
NSSUTIL_3.14 symbols - 39. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/ CVE-2012- 0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ keydb.c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lgcreate. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkey. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkeyti. h,
nss/mozilla/ security/ nss/lib/ util/quickder. c.
- CVE-2012-0441
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/raring/nss
