-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: nss Binary: libnss3, libnss3-1d, libnss3-tools, libnss3-dev, libnss3-dbg Architecture: any Version: 2:3.14.5-1+deb7u5 Maintainer: Maintainers of Mozilla-related packages <[email protected]> Uploaders: Mike Hommey <[email protected]> Homepage: http://www.mozilla.org/projects/security/pki/nss/ Standards-Version: 3.9.3.0 Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/nss.git Vcs-Git: git://git.debian.org/git/pkg-mozilla/nss.git Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1.1~), libnspr4-dev (>= 2:4.9), zlib1g-dev, libsqlite3-dev (>= 3.3.9) Package-List: libnss3 deb libs optional arch=any libnss3-1d deb oldlibs extra arch=any libnss3-dbg deb debug extra arch=any libnss3-dev deb libdevel optional arch=any libnss3-tools deb admin optional arch=any Checksums-Sha1: d977d50bbd78c7cae520a57781c19c07927f5b7e 6189507 nss_3.14.5.orig.tar.gz 1812f68140564bb8171f4dc9c8cc28bd420af66d 45604 nss_3.14.5-1+deb7u5.debian.tar.xz Checksums-Sha256: 61f3493117483c85ef343fc7f22e1b3b7bff14580c632523d939eea8c5849216 6189507 nss_3.14.5.orig.tar.gz 59e945e5552d79f7ccacd38468434b86d2ce1ddf7ec58172adde75e5bdf324b3 45604 nss_3.14.5-1+deb7u5.debian.tar.xz Files: 73cf5c23206f7d333853aea697a0e7c9 6189507 nss_3.14.5.orig.tar.gz 5eab7b1874551e663cf12a8cbed0c2b1 45604 nss_3.14.5-1+deb7u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV0NbAAAoJEAVMuPMTQ89ElN8QAJoa2ZQGHwiIqZGw0orGrYDR Jc4JbHtRB/b5FmiHNbrvy8MtpuP8M6nfEhJjsrW8agyEXsbnndn35FwyIwrUcJBd //ssZwT9Ebrc1xYlD1gDOHlW3Bgb3ZsmMZ+UfWTembRb9NGML6Et+8Iw7cdQHyAD +pKdMApzF3U55wUWGqDHxYqUGUBoQUAzstuXeW9GBaj6HO0+QzNujkI62mmQRWit Bba9bUMO/w6v29J/bPa1tuILPXYUUIVYHTxQy1Mpoov2FH7ISwrwE5GB9FFlqWwZ 7NsVHAuFmxuq7IrTQcKeX5vpfVqTFBhvwQaXmp/DXmY34ujYSwzeb5hAuz4wy+Bo ES2zY2MJHadQ+b3QY3AloPeCzhFTh2rOkpZM0Na1V3eJLekypbURJXyzoIHnDKPV XSV4Q28MLFWgHluXLjGlBOs1w4ETQGSTRt/L56Z0oZe5tjCDt4xSXvMLlTjNZsuY TJipDsy9dYHe9NPW/FJ60Ji9Nhj0n+TiW4xLDaviKKdEZX9dTEj5qrNADMZW2Y+c D9csjyLTDaGNIBxo6FJM3viiEkcLXtFKrEZ+js5Xw2g9/qEINwS8flf3+dGjXrwy yXrzHK1CgeH+Lzk6XVKBPekY7G/TCM7ZFRqVc9Wg3E6eZKInmP1/qfsLOZ/oLjfm I+fZE/Y+WgwxrBqBa/+/ =p0xO -----END PGP SIGNATURE----- Changes: nss (2:3.14.5-1+deb7u5) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-2721.patch patch. CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange. * Add CVE-2015-2730.patch patch. CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly. -- Salvatore Bonaccorso <[email protected]> Tue, 11 Aug 2015 17:44:07 +0200