[Git][security-tracker-team/security-tracker][master] Reserve DLA-3327-1 for nss

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
121e7aee by Markus Koschany at 2023-02-20T16:11:24+01:00
Reserve DLA-3327-1 for nss

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -211474,7 +211474,6 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
 CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
 	{DLA-2388-1}
 	- nss 2:3.55-1
-	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
 	NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
@@ -211488,7 +211487,6 @@ CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce
 	{DLA-2388-1}
 	- firefox 80.0-1
 	- nss 2:3.55-1
-	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
@@ -211497,7 +211495,6 @@ CVE-2020-12400 (When converting coordinates from projective to affine, the modul
 	{DLA-2388-1}
 	- firefox 80.0-1
 	- nss 2:3.55-1
-	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
 	NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
@@ -227156,7 +227153,6 @@ CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point mu
 	{DLA-2388-1}
 	- firefox 80.0-1
 	- nss 2:3.55-1
-	[buster] - nss <no-dsa> (Minor issue)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
 	NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Feb 2023] DLA-3327-1 nss - security update
+	{CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2023-0767}
+	[buster] - nss 2:3.42.1-1+deb10u6
 [20 Feb 2023] DLA-3326-1 isc-dhcp - security update
 	[buster] - isc-dhcp 4.4.1-2+deb10u3
 [20 Feb 2023] DLA-3325-1 openssl - security update


=====================================
data/dla-needed.txt
=====================================
@@ -199,10 +199,6 @@ nodejs
   NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster.
   NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
 --
-nss (Markus Koschany)
-  NOTE: 20230219: Programming language: C.
-  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/nss.git
---
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/121e7aee475909e691d33c6698d0cfed22806fe9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230220/ff2009a7/attachment-0001.htm>