Ubuntu
nss package

nss should use transitional scheme for renegotiation

Bug #553251 reported by Jamie Strandboge
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nss (Ubuntu)
Fix Released
High
Chris Coulson
Ubuntu ubuntu-10.04-beta-2
Lucid
Fix Released
High
Chris Coulson
Ubuntu ubuntu-10.04-beta-2

Bug Description

3.12.6-0ubuntu1 in Ubuntu includes a fix for CVE-2009-3555, however it uses strict checking which breaks clients connecting to unpatched servers. This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561918. While not the current upstream default, transitional is the recommendation from upstream (from email exchange).

Related branches

lp:ubuntu/lucid/nss
Jamie Strandboge (jdstrand)
Changed in nss (Ubuntu):
importance: Undecided → High
milestone: none → ubuntu-10.04-beta-2
status: New → In Progress
assignee: nobody → Chris Coulson (chrisccoulson)
Jamie Strandboge (jdstrand)
Changed in nss (Ubuntu Lucid):
status: In Progress → Fix Committed
Revision history for this message
Reed Loden (reed) wrote :

Why isn't Firefox (from mozilla.org) affected by this issue? Trunk Minefield uses NSS 3.12.6.2, and I haven't heard any problems similar to this...

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 3.12.6-0ubuntu2

---------------
nss (3.12.6-0ubuntu2) lucid; urgency=low

  * Enable transitional scheme for SSL renegotiation (LP: #553251)
    - add 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
    - update debian/patches/series
 -- Chris Coulson <email address hidden> Wed, 31 Mar 2010 20:42:18 +0100

Changed in nss (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.