File _patchinfo of Package patchinfo.13552

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.13552

<patchinfo incident="13552">
  <issue tracker="cve" id="2019-17006"/>
  <issue tracker="cve" id="2019-11745"/>
  <issue tracker="bnc" id="1159819">VUL-0: CVE-2019-17006: mozilla-nss: nss: Check length of inputs for cryptographic primitives</issue>
  <issue tracker="bnc" id="1141322">VUL-1: CVE-2019-11727: mozilla-nss: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequ</issue>
  <issue tracker="bnc" id="1158527">VUL-0: CVE-2019-11745: mozilla-nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate</issue>
  <packager>cgrobertson</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for mozilla-nspr, mozilla-nss</summary>
  <description>This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.47.1:

Security issues fixed:

- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
- CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).

mozilla-nspr was updated to version 4.23:

- Whitespace in C files was cleaned up and no longer uses tab characters for indenting.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.13552

Places