-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: nss Binary: libnss3, libnss3-1d, libnss3-tools, libnss3-dev, libnss3-dbg Architecture: any Version: 2:3.17.2-1.1+deb8u1 Maintainer: Maintainers of Mozilla-related packages <[email protected]> Uploaders: Mike Hommey <[email protected]> Homepage: http://www.mozilla.org/projects/security/pki/nss/ Standards-Version: 3.9.3.0 Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/nss.git Vcs-Git: git://git.debian.org/git/pkg-mozilla/nss.git Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1.1~), libnspr4-dev (>= 2:4.9.4), zlib1g-dev, libsqlite3-dev (>= 3.3.9) Package-List: libnss3 deb libs optional arch=any libnss3-1d deb oldlibs extra arch=any libnss3-dbg deb debug extra arch=any libnss3-dev deb libdevel optional arch=any libnss3-tools deb admin optional arch=any Checksums-Sha1: c518e0726e89210219e3c583bfa08e40fb39385a 6927414 nss_3.17.2.orig.tar.gz b030d8ca3ffb69a9e942210643f23608af024a95 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz Checksums-Sha256: 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b 6927414 nss_3.17.2.orig.tar.gz 7fb3a66185af6acb05e66128e56a9753aee8055a3e7a648957bc14b387cc407e 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz Files: d3edb6f6c3688b2fde67ec9c9a8c1214 6927414 nss_3.17.2.orig.tar.gz 0ec9a52bef098c4fb68b06f401c8b6ce 30436 nss_3.17.2-1.1+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV0OEGAAoJEAVMuPMTQ89Eu80P/3IMf+ubJhkYsuevlv+YpBPq RC99z/al+B30layviEkzrwG3Q3YnX3vxaiqPejkhwS1prgTKbHHbLzo8UVw1p6Ru dWlkvAsKCMdsgtehvLrPddd47s6LaIcQqIvP2sysw3cozSHEgSXUuzDLvj+OZFDj sazfHfeMC2D1233XP6RMHpyfFSJcQk9pKrx83X6Zf7lP9Oi7Vl0Zl4QfRQSWU44y QWQVMfW9pHw/4Cm6hX7KHglA1zgmbxvoZ9K/z0Dj81QumKSf2AQ+WD7DgUQ3sKPH cLbKJPRINWoguElg+9wzlPU93RrAKla1Vkeu7lsiz5v3QnGaNQuJlEsZz2mJYv2E 0iStcKf66lKd8K2nFw/MerLFi8bIx19+IcbUQrFzI186AvnS8MYMgZYQkorpdMx4 VmyOo7Y9eDal+7RMS7QYwfl7A4QdqTWQDimvgp9FccCCAaKVbgCYFybVdJReHniq ffZTKwFXBKhWxD8EZFGVvD3Fwp+On8UGcJTZaE/ezoaytODiQyfSpakSMiuzXrHV LFMeRDGDTlJJ4bvxDPLyKGkXzR3aaWj7uwlpem2u9G4oqX0RFhuN0Em/bJfbFzWA Q08YpyIPVR8z0TUvx7+rGpduDMJIzd9oVGC1qzY6GrHAkZIzwlIED5KYK9SMKxHR Sn7Fxq2sxLBFZZJCyB8J =CM7o -----END PGP SIGNATURE----- Changes: nss (2:3.17.2-1.1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add 99_CVE-2015-2721.patch patch. CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange. * Add 100_CVE-2015-2730.patch patch. CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly. -- Salvatore Bonaccorso <[email protected]> Tue, 11 Aug 2015 19:37:12 +0200
