touch-packages team mailing list archive

Thread
Date

[Bug 1423031] Re: NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1423031@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Feb 2015 17:47:17 -0000
Reply-to: Bug 1423031 <1423031@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package nss - 3.17.4-0ubuntu0.12.04.1

---------------
nss (3.17.4-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
    bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
  * Removed unneeded patches:
    - debian/patches/CVE-2014-1569.patch: included upstream.
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Thu, 19 Feb 2015 07:45:59 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1423031

Title:
  NSS incorrectly preferring a longer, weaker chain over a shorter,
  stronger chain

Status in nss package in Ubuntu:
  Fix Released
Status in nss source package in Lucid:
  Fix Released
Status in nss source package in Precise:
  Fix Released
Status in nss source package in Trusty:
  Fix Released
Status in nss source package in Utopic:
  Fix Released
Status in nss source package in Vivid:
  Fix Released
Status in nss package in Debian:
  Confirmed

Bug description:
  See:

  https://code.google.com/p/chromium/issues/detail?id=437733

  and

  https://code.google.com/p/chromium/issues/detail?id=459131

  This issue is fixed in upstream libnss3 version >= 3.17.4

  This issue causes incorrect SHA1 sunset behaviour in Google Chrome.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1423031/+subscriptions

References

[Bug 1423031] [NEW] NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain
From: Cambell Prince, 2015-02-18