Debian Bug report logs - #726473
nss: CVE-2013-1739

version graph

Package: nss; Maintainer for nss is Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>;

Reported by: Michael Gilbert <mgilbert@debian.org>

Date: Wed, 16 Oct 2013 04:30:02 UTC

Severity: grave

Found in version 2:3.14.3-1

Fixed in versions nss/2:3.15.2-1, nss/2:3.14.4-1

Done: Mike Hommey <glandium@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#726473; Package nss. (Wed, 16 Oct 2013 04:30:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
New Bug report received and forwarded. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Wed, 16 Oct 2013 04:30:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nss: CVE-2013-1739
Date: Wed, 16 Oct 2013 00:26:49 -0400
package: nss
version: 3.12.8-1
severity: grave
tag: security

Hi,

A security issue was recently fixed in nss 3.15.2:
[0] https://security-tracker.debian.org/tracker/CVE-2013-1739

For unstable, its probably easiest to just update directly to the
latest upstream version to fix this.  Actual patch is still behind a
restricted bug report, so I was not able to fully check affected
versions.

Best wishes,
Mike



Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#726473; Package nss. (Sun, 20 Oct 2013 23:15:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 20 Oct 2013 23:15:07 GMT) Full text and rfc822 format available.

Message #10 received at 726473@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Michael Gilbert <mgilbert@debian.org>, 726473@bugs.debian.org
Subject: Re: Bug#726473: nss: CVE-2013-1739
Date: Mon, 21 Oct 2013 08:13:24 +0900
On Wed, Oct 16, 2013 at 12:26:49AM -0400, Michael Gilbert wrote:
> package: nss
> version: 3.12.8-1
> severity: grave
> tag: security
> 
> Hi,
> 
> A security issue was recently fixed in nss 3.15.2:
> [0] https://security-tracker.debian.org/tracker/CVE-2013-1739
> 
> For unstable, its probably easiest to just update directly to the
> latest upstream version to fix this.  Actual patch is still behind a
> restricted bug report, so I was not able to fully check affected
> versions.

The bug was introduced in 3.14.3, so it doesn't affect squeeze. It does,
however affect wheezy.

Mike



Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Sun, 20 Oct 2013 23:21:05 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Sun, 20 Oct 2013 23:21:05 GMT) Full text and rfc822 format available.

Message #15 received at 726473-close@bugs.debian.org (full text, mbox):

From: Mike Hommey <glandium@debian.org>
To: 726473-close@bugs.debian.org
Subject: Bug#726473: fixed in nss 2:3.15.2-1
Date: Sun, 20 Oct 2013 23:18:57 +0000
Source: nss
Source-Version: 2:3.15.2-1

We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726473@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated nss package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 21 Oct 2013 08:05:24 +0900
Source: nss
Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg
Architecture: source amd64
Version: 2:3.15.2-1
Distribution: unstable
Urgency: low
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libnss3    - Network Security Service libraries
 libnss3-1d - Network Security Service libraries - transitional package
 libnss3-dbg - Debugging symbols for the Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Closes: 726473
Changes: 
 nss (2:3.15.2-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2013-1739. Closes: #726473.
Checksums-Sha1: 
 9baaaa828fa59a6f39a30ef6cb8537905abea9f5 2176 nss_3.15.2-1.dsc
 2d900c296bf11deabbf833ebd6ecdea549c97a5f 6288669 nss_3.15.2.orig.tar.gz
 f03208371a47dbc7a4ce6a89516127425c4b6643 37097 nss_3.15.2-1.debian.tar.gz
 bdd2f806704f548f814d6c536e9a4ce33205dac3 1088742 libnss3_3.15.2-1_amd64.deb
 0db8a83456b0cff09177e4af7094b1e33e6e872a 20100 libnss3-1d_3.15.2-1_amd64.deb
 8beeb15eca5cd7c6313e17cf43357acab145ef98 230300 libnss3-tools_3.15.2-1_amd64.deb
 3eb5a2f2613b3ff0467a97e5adce2eefcfe8d8be 219792 libnss3-dev_3.15.2-1_amd64.deb
 0881e16737ca55c842e96ef4e9db5c0fb9dafb9e 4757858 libnss3-dbg_3.15.2-1_amd64.deb
Checksums-Sha256: 
 27df1270336cececf2cd976bcfadf1b1b90e9f7337f1134ba17e8e09e605f1e2 2176 nss_3.15.2-1.dsc
 7b2c80d18c49581edbdb509cbf7afd61d8c53658f2a38ff20e224c1909faeddc 6288669 nss_3.15.2.orig.tar.gz
 df9f2fabf3cf75dfbba349eafc89cb283ad6fe8ddf34e0843341a1f98c623bf5 37097 nss_3.15.2-1.debian.tar.gz
 b0252f7e5bf7f752615e698212945e7a52a1d86edb7722a8a3907673cc61d4ee 1088742 libnss3_3.15.2-1_amd64.deb
 64ce394ca32a46cb3a9ebe9e57cec4fc7b2e25157540896d887d0fa965f81069 20100 libnss3-1d_3.15.2-1_amd64.deb
 675371b30aa2a1ac232e05616d61964d1d4b9ec0099994205d6d94a1627a8728 230300 libnss3-tools_3.15.2-1_amd64.deb
 e3e02aae77251f08c2fc7f09b4e915013eba5fc2fa61d7c221698edd63feb337 219792 libnss3-dev_3.15.2-1_amd64.deb
 e37bd2a91af698c10411f689c57c8cc474d66ba957c7e196fa901319f59a5b23 4757858 libnss3-dbg_3.15.2-1_amd64.deb
Files: 
 a70a2633370be617d16792c704327386 2176 libs optional nss_3.15.2-1.dsc
 154223568f9734c76c164b46c774450c 6288669 libs optional nss_3.15.2.orig.tar.gz
 4e1ef29b8546e8b9ee98f66bd3200a3d 37097 libs optional nss_3.15.2-1.debian.tar.gz
 7a98a6c4ab714c31d6a1c72c8071845b 1088742 libs optional libnss3_3.15.2-1_amd64.deb
 3d9399cd1ca4c3ebf861cf075264356a 20100 oldlibs extra libnss3-1d_3.15.2-1_amd64.deb
 fe9dc8e8cede6a20234faf66ecb07879 230300 admin optional libnss3-tools_3.15.2-1_amd64.deb
 eb87d69cc78d161388708c0113aa8b67 219792 libdevel optional libnss3-dev_3.15.2-1_amd64.deb
 2aaea8839d2ff984688e9b6f503171f5 4757858 debug extra libnss3-dbg_3.15.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIVAwUBUmRjSuQqoE+mqoxyAQiwPg//YvFnEoYZ4egErXT4C2GDBHB64q3armzV
Woe6nJ7vMWHjOatpMYoAm9wd5ybs0oWGelF8zQo8ZLA+duB/c795rjHI5dPC7gGI
oE13ThDV4DQyhpjsxdJnE6+CbMjXRncQ6uz16OgoBEhMvyusOoSTulqkxPFh5039
NfsUgNVmJL1nqpkJ36FnBxhUVfHDAZ2ZNu4i5It2XxHpFkymDvIbjokyRKOt27+c
8bjn5s+YLeAWYtcqTeAGne+ADBPtdlDRmA2fdJYz+H/f2tTPTqTsF7bKC5SZwVg7
4eechf+oXX7PEnZr3HRHewGSOWlChskji+QsIdppWalQNIfrBTPSIM4fTlfwfURu
I9BnyQzUc7f2iT+dmHfNWZeK6DVZzvTu4VH6kXLsqzmyujOLuoHe39btR+HFV7/J
hlWWRkkC39jHpStKWUta+XU1YzIBK44WPNz1YEezu3BUzgu9i/IPsBneDUw54Mqm
vpyKlVYoNlFQnUSMw+RS+qJR+3j3iMiTZ9aV9nopvV3/uq455BsH99OaDa6nv6zx
A9bgyawK7gYXOpijAe0wBa2+D4Z+UHyyHjqoQXFHx66HmYWYDt9oQG8P4gltHFSt
CZgoeQhAlP+ef3HryQ2QILK6CV5IqBsilzVs7KtDnH+7bPMfftILIj/gvzCCKiZ2
7AlArByvOxY=
=j7QY
-----END PGP SIGNATURE-----




Marked as found in versions 2:3.14.3-1. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Sun, 20 Oct 2013 23:45:06 GMT) Full text and rfc822 format available.

No longer marked as found in versions 3.12.8-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 25 Oct 2013 05:15:04 GMT) Full text and rfc822 format available.

Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Mon, 04 Nov 2013 23:51:06 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Mon, 04 Nov 2013 23:51:06 GMT) Full text and rfc822 format available.

Message #24 received at 726473-close@bugs.debian.org (full text, mbox):

From: Mike Hommey <glandium@debian.org>
To: 726473-close@bugs.debian.org
Subject: Bug#726473: fixed in nss 2:3.14.4-1
Date: Mon, 04 Nov 2013 23:47:05 +0000
Source: nss
Source-Version: 2:3.14.4-1

We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726473@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated nss package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 31 Oct 2013 13:51:57 +0900
Source: nss
Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg
Architecture: source amd64
Version: 2:3.14.4-1
Distribution: stable-security
Urgency: low
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 libnss3    - Network Security Service libraries
 libnss3-1d - Network Security Service libraries - transitional package
 libnss3-dbg - Debugging symbols for the Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Closes: 726473
Changes: 
 nss (2:3.14.4-1) stable-security; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2013-1739. Closes: #726473.
Checksums-Sha1: 
 4a112627f1cc29cad00f14824e817d676485bee2 2174 nss_3.14.4-1.dsc
 0fcd62bc4dc2449d3a49809beab17009d92348d6 6190110 nss_3.14.4.orig.tar.gz
 d168cfcf9e8c8bc661752c5ea8a79b282525a9da 39377 nss_3.14.4-1.debian.tar.gz
 30f5f1e2ccbf3107a3a969be3fde6c680c81b4be 1062856 libnss3_3.14.4-1_amd64.deb
 2046e632517797304927c2b70493c7300a67ed66 20000 libnss3-1d_3.14.4-1_amd64.deb
 15c233dd33b610a650bd77c1e00c05f3ee11047f 228168 libnss3-tools_3.14.4-1_amd64.deb
 adbe416d628dbc7309ac94b3260784c42443700b 219380 libnss3-dev_3.14.4-1_amd64.deb
 c63fa42605e9753b43c74a5205790b1d55088132 4835432 libnss3-dbg_3.14.4-1_amd64.deb
Checksums-Sha256: 
 7de1716244d9ab5b365dab289e49a7c6011cd971c8d17006adfcd2e94d0daa32 2174 nss_3.14.4-1.dsc
 47332282d748d732f4c652fc62b9134aca2a8f15a0c21267d2e008f7154ab04d 6190110 nss_3.14.4.orig.tar.gz
 16d2e20d671a7c98cfd04d327c7a4900d15c7c74ca01e9b4e14b8cba17a7de83 39377 nss_3.14.4-1.debian.tar.gz
 07be1b3b573a7143af41576fe3afb687fcea8212162b7cd948d3a30fb630817c 1062856 libnss3_3.14.4-1_amd64.deb
 876cb92b202c0b2f72703c4ac7e400cf1d006236057063b46af5642c6641e528 20000 libnss3-1d_3.14.4-1_amd64.deb
 459f064db9e7dbd25a76c07aa235ef23d9d32a1e6b5258db3c3044c88495463a 228168 libnss3-tools_3.14.4-1_amd64.deb
 b73ef384794c1ad151d09c759f71b3b83a892e7840971535b293f444e812db00 219380 libnss3-dev_3.14.4-1_amd64.deb
 772606162ccf37b97344b4fb5b5ef4c8b12bb6fea7ab3f2d92a177aa8ad1454d 4835432 libnss3-dbg_3.14.4-1_amd64.deb
Files: 
 b1a3cbf4067039e9ed0990f6a4e1b0e8 2174 libs optional nss_3.14.4-1.dsc
 9042e4447ae690cf6f83c34c25385588 6190110 libs optional nss_3.14.4.orig.tar.gz
 29e3cfd859fc998a6f92942d18a46e45 39377 libs optional nss_3.14.4-1.debian.tar.gz
 64a8865f9cfb528086704bb8518ad0cd 1062856 libs optional libnss3_3.14.4-1_amd64.deb
 58ac2e0f963158c09da18c1c68133a16 20000 oldlibs extra libnss3-1d_3.14.4-1_amd64.deb
 507c1cf61d611ca188681a7ade03fa27 228168 admin optional libnss3-tools_3.14.4-1_amd64.deb
 6241097e2066bc73aa5f82f5c96cbe2a 219380 libdevel optional libnss3-dev_3.14.4-1_amd64.deb
 85f14ed61d7a72e2544603e2141417ac 4835432 debug extra libnss3-dbg_3.14.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIVAwUBUnHlveQqoE+mqoxyAQiOvRAAsLIiBVpQZAIfzXRnGfEzndMboJGRN2/0
lsmKisOk1x+ueB1vlHaQ+cQphvrIN9AWSQLiqdirIpMuZNEWVBnTQDYTdDrkhw5J
8IPV39JBMAk6wdZI4CqI6Kllf2rINq+fotXiKEouyvE+t89IR7xRSwfRMqyH2e7x
WksKMHY/2OrduDeSL1BKUVAFiiJO01TaKA6EsoF3/3DvcV9/sMz4Ispkh2UbIV8c
RrM38BUO0Gr2LnVozcP4n84I/4gihVlpcXa0ScA/SalYjhO8x2EbjbcNNv+J+4wx
0rftFJOZ4ImXGqZiw1AoGtRtn6oDx1BIjNTLFrUDpt0VsU90jbfKvAqkwdzJT9yg
FdmTfaNA7dmpzIqsVfft06bz58sLUTTK6WXpB+35WGS+RHiFaz/hUVH/whmXgdxP
vJfnwZTORm30/cDAKDsFG/aguB6pxsgd1STplbERt/emgtp4omu4CHZGln6NwFi1
YgxPQ3rxCeAizbFM2bgm5PZ5cvYaXvgHQSpsvi5+VNhG8/ilRKzXvo6Ojru/dZtq
o9UC7sWjNXLntary9YUAkLsHu3Dc4Dqo3S3QFYRG4rGGjEnUQVsEC+sOfkrtSp/8
73N2ptqpTQJwuxOjJpgYXuU4tX8xao0h5nwMD/9/sP9rSJLKqxKwwjz0hF/5g8AZ
HkE02xr2DuU=
=MOGe
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Dec 2013 07:45:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:25:03 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.