← Back to team overview

touch-packages team mailing list archive

[Bug 1423031] Re: NSS incorrectly preferring a longer, weaker chain over a shorter, stronger chain

 

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1569

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1423031

Title:
  NSS incorrectly preferring a longer, weaker chain over a shorter,
  stronger chain

Status in nss package in Ubuntu:
  Fix Released
Status in nss source package in Lucid:
  Fix Released
Status in nss source package in Precise:
  Fix Released
Status in nss source package in Trusty:
  Fix Released
Status in nss source package in Utopic:
  Fix Released
Status in nss source package in Vivid:
  Fix Released
Status in nss package in Debian:
  Confirmed

Bug description:
  See:

  https://code.google.com/p/chromium/issues/detail?id=437733

  and

  https://code.google.com/p/chromium/issues/detail?id=459131

  This issue is fixed in upstream libnss3 version >= 3.17.4

  This issue causes incorrect SHA1 sunset behaviour in Google Chrome.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1423031/+subscriptions


References