Ubuntu
nss package

  1. Focal (20.04)
  2. Bug #1885562
  3. Comment #20

Comment 20 for bug 1885562

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 2:3.35-2ubuntu2.11

---------------
nss (2:3.35-2ubuntu2.11) bionic-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:58:41 -0300