[Git][security-tracker-team/security-tracker][master] Add CVE-2019-17006/nss

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82318f79 by Salvatore Bonaccorso at 2019-12-27T07:36:25Z
Add CVE-2019-17006/nss

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15256,8 +15256,13 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCe
 	NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
 	NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
 	NOTE: but then reverted until the 2:3.45-1 upload).
-CVE-2019-17006
+CVE-2019-17006 [Check length of inputs for cryptographic primitives]
 	RESERVED
+	- nss 2:3.47-1
+	NOTE: Fixed upstream in NSS 3.46.
+	NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
+	NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
+	NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
 CVE-2019-17005
 	RESERVED
 	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82318f791debeb4959b1b5ae17ae2573d62a8baf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82318f791debeb4959b1b5ae17ae2573d62a8baf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191227/363eaa33/attachment.html>