This bug was fixed in the package nss - 2:3.49.1-1ubuntu1.4
--------------- nss (2:3.49.1-1ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: Side-channel attack - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c, nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi, nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh. - CVE-2020-12400 - CVE-2020-6829 * SECURITY UPDATE: Timing attack mitigation bypass - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar padding in nss/lib/freebl/ec.c. - CVE-2020-12401
-- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:28:48 -0300
This bug was fixed in the package nss - 2:3.49.1-1ubuntu1.4
--------------- 1-1ubuntu1. 4) focal-security; urgency=medium
nss (2:3.49.
* SECURITY UPDATE: Side-channel attack patches/ CVE-2020- 12400-and- 6829-*. patch: use constant-time freebl/ ecl/ecl- priv.h, nss/lib/ freebl/ ecl/ecl. c, lib/freebl/ ecl/ecl_ spec384r1. c, nss/lib/ freebl/ freebl_ base.gypi, lib/freebl/ manifest. mn, nss/test/ ec/ectest. sh. patches/ CVE-2020- 12401.patch: remove unnecessary scalar freebl/ ec.c.
- debian/
P-384 and P-521 in nss/lib/
nss/
nss/
- CVE-2020-12400
- CVE-2020-6829
* SECURITY UPDATE: Timing attack mitigation bypass
- debian/
padding in nss/lib/
- CVE-2020-12401
-- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:28:48 -0300