-
nss (3.14.3-0ubuntu0.11.10.1) oneiric-security; urgency=low
* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
attacks
- CVE-2013-1620
* Remaining changes:
- 98_ckbi-1.93.patch: Dropped (included upstream)
- 01_dont_build_nspr.patch
- 38_kbsd.patch: refresh/update
- 80_security_build.patch
- 85_security_load.patch
- 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols
-- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 13:12:05 -0500
-
nss (3.14.1-0ckbi1.93ubuntu.0.11.10.1) oneiric-security; urgency=low
* New upstream release. Dropped the following patches:
- debian/patches/25_entropy.patch (was bz51429 obsoleted by fix for
bz174993)
- debian/patches/38_mips64_build.patch (we don't build on mips)
- debian/patches/90_realpath.patch (included upstream)
upstream)
- debian/patches/diginotar.patch (included upstream)
- debian/patches/CVE-2012-0441.patch (included upstream)
* debian/patches/01_dont_build_nspr.patch: refresh
* debian/patches/38_kbsd.patch: refresh/update based on Debian
* debian/patches/80_security_build.patch: refresh
* debian/patches/85_security_load.patch: refresh/update based on Debian
* debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh/update based
on Debian
* SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
- debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using
mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and
updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this
before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean
and underscores that SPI and CACERT are not part of upstream Roots.
- CVE-2013-0743
* debian/libnss3.symbols: updated for *_3.12.10 through *_3.14.1
-- Jamie Strandboge <email address hidden> Fri, 11 Jan 2013 12:30:30 -0600
-
nss (3.12.9+ckbi-1.82-0ubuntu6.1) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
nss/mozilla/security/nss/lib/util/quickder.c.
- CVE-2012-0441
* debian/rules: added a better workaround to get package built on more
recent kernels.
-- Marc Deslauriers <email address hidden> Mon, 30 Jul 2012 13:59:34 -0400
-
nss (3.12.9+ckbi-1.82-0ubuntu6) oneiric; urgency=low
* No-change rebuild to force a version bump, forcing upgrades,
and restoring the deleted library that ca-certificates ate.
-- Adam Conrad <email address hidden> Wed, 21 Sep 2011 14:42:05 -0600
-
nss (3.12.9+ckbi-1.82-0ubuntu5) oneiric; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/nss/lib/ckfw/builtins/certdata.*:
Explicitly distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/nss/lib/ckfw/builtins/certdata.*:
Remove DigiNotar Root CA.
* Add a symlink from Linux2.6.mk to Linux3.0.mk; This is a temporary hack to
let NSS build on a 3.0.x kernel
- update debian/rules
-- Micah Gersten <email address hidden> Fri, 09 Sep 2011 11:57:13 -0500
-
nss (3.12.9+ckbi-1.82-0ubuntu4) oneiric; urgency=low
* nss-config, nss.pc: Fix multiarch libdir location. LP: #778726.
-- Matthias Klose <email address hidden> Tue, 17 May 2011 16:33:57 +0200
-
nss (3.12.9+ckbi-1.82-0ubuntu3) oneiric; urgency=low
* Build for multiarch.
-- Steve Langasek <email address hidden> Fri, 22 Apr 2011 11:00:14 -0700
-
nss (3.12.9+ckbi-1.82-0ubuntu2) natty; urgency=low
* add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713)
-- Michael Vogt <email address hidden> Wed, 20 Apr 2011 13:45:50 +0200