Your message dated Sun, 17 Mar 2013 15:05:49 +0000 with message-id <e1uhf9h-00072x...@franck.debian.org> and subject line Bug#699888: fixed in nss 2:3.14.3-1 has caused the Debian Bug report #699888, regarding TLS timing attack in nss (Lucky 13) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
699888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nss
Severity: serious
Tags: security

Hi,

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/

Upstream NSS progress is tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=822365

The generic protocol issue has been assigned CVE name CVE-2013-0169. The specific fix for NSS is known as CVE-2013-1620. Please mention these identifiers in the changelog.

Can you see to it that this issue is addressed in unstable and testing? And are you available to create an update for stable-security?

Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: nss
Source-Version: 2:3.14.3-1

We believe that the bug you reported is fixed in the latest version of nss, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <gland...@debian.org> (supplier of updated nss package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sun, 17 Mar 2013 15:01:06 +0100
Source: nss
Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg
Architecture: source amd64
Version: 2:3.14.3-1
Distribution: unstable
Urgency: high
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintain...@lists.alioth.debian.org>
Changed-By: Mike Hommey <gland...@debian.org>
Description:
 libnss3    - Network Security Service libraries
 libnss3-1d - Network Security Service libraries - transitional package
 libnss3-dbg - Debugging symbols for the Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Closes: 699888
Changes:
 nss (2:3.14.3-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes TLS timing attack (luck 13). Closes: #699888.
   * debian/libnss3.symbols: Add NSS_3.14.3 symbol version.
   * debian/control: Unbump sqlite3 build dependency, 3.14.3 lifted the need
     for sqlite 3.7.15.
--- End Message ---