[Git][security-tracker-team/security-tracker][master] 2 commits: Mark three nss issues as no-dsa

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcb8fcbc by Salvatore Bonaccorso at 2019-08-29T15:35:40Z
Mark three nss issues as no-dsa

- - - - -
9ca696e2 by Salvatore Bonaccorso at 2019-08-29T15:36:11Z
Track proposed fixes for nss via buster-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12196,6 +12196,8 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentat
 	[buster] - thunderbird 1:60.8.0-1~deb10u1
 	[stretch] - thunderbird 1:60.8.0-1~deb9u1
 	- nss 2:3.45-1
+	[buster] - nss <no-dsa> (Minor issue)
+	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
@@ -12210,6 +12212,8 @@ CVE-2019-11728 (The HTTP Alternative Services header, Alt-Svc, can be used by a
 CVE-2019-11727 (A vulnerability exists where it possible to force Network Security Ser ...)
 	- firefox 68.0-1 (unimportant)
 	- nss 2:3.45-1
+	[buster] - nss <no-dsa> (Minor issue)
+	[stretch] - nss <no-dsa> (Minor issue)
 	[jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
 	NOTE: https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
@@ -12245,6 +12249,8 @@ CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with lea
 	[buster] - thunderbird 1:60.8.0-1~deb10u1
 	[stretch] - thunderbird 1:60.8.0-1~deb9u1
 	- nss 2:3.45-1
+	[buster] - nss <no-dsa> (Minor issue)
+	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719


=====================================
data/next-point-update.txt
=====================================
@@ -129,3 +129,9 @@ CVE-2019-9824
 	[buster] - slirp4netns 0.2.3-1
 CVE-2019-14378
 	[buster] - slirp4netns 0.2.3-1
+CVE-2019-11719
+	[buster] - nss 2:3.42.1-1+deb10u1
+CVE-2019-11727
+	[buster] - nss 2:3.42.1-1+deb10u1
+CVE-2019-11729
+	[buster] - nss 2:3.42.1-1+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9cf84e7a3526f0ce586f571981cf9786270734d6...9ca696e2e4f7cbe54ededb553056efafd4a2e7db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9cf84e7a3526f0ce586f571981cf9786270734d6...9ca696e2e4f7cbe54ededb553056efafd4a2e7db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190829/d4aaf4ac/attachment-0001.html>