touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #56655
[Bug 1423031] Re: NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1569
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1423031
Title:
NSS incorrectly preferring a longer, weaker chain over a shorter,
stronger chain
Status in nss package in Ubuntu:
Fix Released
Status in nss source package in Lucid:
Fix Released
Status in nss source package in Precise:
Fix Released
Status in nss source package in Trusty:
Fix Released
Status in nss source package in Utopic:
Fix Released
Status in nss source package in Vivid:
Fix Released
Status in nss package in Debian:
Confirmed
Bug description:
See:
https://code.google.com/p/chromium/issues/detail?id=437733
and
https://code.google.com/p/chromium/issues/detail?id=459131
This issue is fixed in upstream libnss3 version >= 3.17.4
This issue causes incorrect SHA1 sunset behaviour in Google Chrome.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1423031/+subscriptions
References