News for package nss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: nss
Binary: libnss3, libnss3-1d, libnss3-tools, libnss3-dev, libnss3-dbg
Architecture: any
Version: 2:3.17.2-1.1+deb8u1
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Uploaders: Mike Hommey <glandium@debian.org>
Homepage: http://www.mozilla.org/projects/security/pki/nss/
Standards-Version: 3.9.3.0
Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/nss.git
Vcs-Git: git://git.debian.org/git/pkg-mozilla/nss.git
Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1.1~), libnspr4-dev (>= 2:4.9.4), zlib1g-dev, libsqlite3-dev (>= 3.3.9)
Package-List:
 libnss3 deb libs optional arch=any
 libnss3-1d deb oldlibs extra arch=any
 libnss3-dbg deb debug extra arch=any
 libnss3-dev deb libdevel optional arch=any
 libnss3-tools deb admin optional arch=any
Checksums-Sha1:
 c518e0726e89210219e3c583bfa08e40fb39385a 6927414 nss_3.17.2.orig.tar.gz
 b030d8ca3ffb69a9e942210643f23608af024a95 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz
Checksums-Sha256:
 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b 6927414 nss_3.17.2.orig.tar.gz
 7fb3a66185af6acb05e66128e56a9753aee8055a3e7a648957bc14b387cc407e 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz
Files:
 d3edb6f6c3688b2fde67ec9c9a8c1214 6927414 nss_3.17.2.orig.tar.gz
 0ec9a52bef098c4fb68b06f401c8b6ce 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV0OEGAAoJEAVMuPMTQ89Eu80P/3IMf+ubJhkYsuevlv+YpBPq
RC99z/al+B30layviEkzrwG3Q3YnX3vxaiqPejkhwS1prgTKbHHbLzo8UVw1p6Ru
dWlkvAsKCMdsgtehvLrPddd47s6LaIcQqIvP2sysw3cozSHEgSXUuzDLvj+OZFDj
sazfHfeMC2D1233XP6RMHpyfFSJcQk9pKrx83X6Zf7lP9Oi7Vl0Zl4QfRQSWU44y
QWQVMfW9pHw/4Cm6hX7KHglA1zgmbxvoZ9K/z0Dj81QumKSf2AQ+WD7DgUQ3sKPH
cLbKJPRINWoguElg+9wzlPU93RrAKla1Vkeu7lsiz5v3QnGaNQuJlEsZz2mJYv2E
0iStcKf66lKd8K2nFw/MerLFi8bIx19+IcbUQrFzI186AvnS8MYMgZYQkorpdMx4
VmyOo7Y9eDal+7RMS7QYwfl7A4QdqTWQDimvgp9FccCCAaKVbgCYFybVdJReHniq
ffZTKwFXBKhWxD8EZFGVvD3Fwp+On8UGcJTZaE/ezoaytODiQyfSpakSMiuzXrHV
LFMeRDGDTlJJ4bvxDPLyKGkXzR3aaWj7uwlpem2u9G4oqX0RFhuN0Em/bJfbFzWA
Q08YpyIPVR8z0TUvx7+rGpduDMJIzd9oVGC1qzY6GrHAkZIzwlIED5KYK9SMKxHR
Sn7Fxq2sxLBFZZJCyB8J
=CM7o
-----END PGP SIGNATURE-----

Changes:
nss (2:3.17.2-1.1+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add 99_CVE-2015-2721.patch patch.
    CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange.
  * Add 100_CVE-2015-2730.patch patch.
    CVE-2015-2730: ECDSA signature validation fails to handle some
    signatures correctly.

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 11 Aug 2015 19:37:12 +0200