Your message dated Sat, 08 Sep 2018 23:34:11 +0000
with message-id <[email protected]>
and subject line Bug#908332: fixed in nss 2:3.39-1
has caused the Debian Bug report #908332,
regarding nss: CVE-2018-12384: ServerHello.random is all zero when handling a
v2-compatible ClientHello
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
908332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nss
Version: 2:3.38-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
Hi,
The following vulnerability was published for nss.
CVE-2018-12384[0]:
ServerHello.random is all zero when handling a v2-compatible ClientHello
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
[2] https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e (NSS_3_39_BRANCH)
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nss
Source-Version: 2:3.39-1
We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <[email protected]> (supplier of updated nss package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 09 Sep 2018 08:03:39 +0900
Source: nss
Binary: libnss3 libnss3-tools libnss3-dev
Architecture: source
Version: 2:3.39-1
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages
<[email protected]>
Changed-By: Mike Hommey <[email protected]>
Description:
libnss3 - Network Security Service libraries
libnss3-dev - Development files for the Network Security Service libraries
libnss3-tools - Network Security Service tools
Closes: 908332
Changes:
nss (2:3.39-1) unstable; urgency=medium
.
* New upstream release.
- Fixes CVE-2018-12384. Closes: #908332.
* debian/libnss3.symbols: Add NSS_3_39 and NSSUTIL_3_39 symbol versions.
Checksums-Sha1:
1cc494ed671543d3b17e329ff564076209fd7156 2146 nss_3.39-1.dsc
351e0e9607ead50174efe5f5107e2dc97e7358f2 23048561 nss_3.39.orig.tar.gz
3747b95d021127b4896ef165b0e4e6fa3c968ce3 19968 nss_3.39-1.debian.tar.xz
56fdeb914fef7292fc5807ee03a86f1ce308c3f9 6424 nss_3.39-1_source.buildinfo
Checksums-Sha256:
4f897b66d1c29e13b0ef42e01501b3bc8a4926d3884f5d4a7581dc620899e820 2146
nss_3.39-1.dsc
6be64dd76f212415cc8bc34343ac1e7389048db4db9a023a84873c411dc5864b 23048561
nss_3.39.orig.tar.gz
b4eba0767491697cda2d9d36a3ad25056dbc57b9001b149df75c59c73a07a6d1 19968
nss_3.39-1.debian.tar.xz
1d653acb39de76acde91f1df238bb12985ec7f6da0f01b82d08e50f344f7cd83 6424
nss_3.39-1_source.buildinfo
Files:
3cca68ac98a53cd4bee53fe0f88ed924 2146 libs optional nss_3.39-1.dsc
10720fc70fd483de1b085402fb10ed59 23048561 libs optional nss_3.39.orig.tar.gz
f69c6e3e01453bf452ba9b4351f976ec 19968 libs optional nss_3.39-1.debian.tar.xz
282cf030159d7b04be507ff02d4d8ac5 6424 libs optional nss_3.39-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEGC4WHREwufzNfbFn5CqgT6aqjHIFAluUVbkACgkQ5CqgT6aq
jHJQMA//T71YhxQA4kF4tlDC54uaG73JOEf5b/bXo5F0vPoEHTVDab/jzZRCqzix
hqBS5Z4OBZldFNuQbwSjZqRhdugygXGe6VZiY9l6VA8EzRohaxxjHneKVkvuu51v
lLpdefAKGZJ5Xm6ul1F1PUSvJrXf5Yp39YPMFURckSuW/LKjusgDdUryUQXTAxBh
rZh+GjxAoYAhCmURnEdIuJgfbQIF+B+NgoAqrzixWHfEeWdgGQ06TVZSeQWNlM18
TtoYlQbMeDyEai6oXP8Bi+egA7ZBi3uiHyu7Mb1eVwjPuBPkGgtSylUurOAkiVnF
6hPJJMI+CLNqylws3ZDddVrKoC14K+Md1fZdiuYRcJzGSfth9gnfIbeTUUkyqgFO
oFDSdDyp4HSVgrL1u3baoyKMeomi5HhTSLjLOaVeYJt/eaXDtlCC5YguOET+oW8D
Mdq0GP1U9N/7muKpie2ousPHnc6vUO3iPld0+E65ODCyIjSU6jbMIW0nsDaaN2WC
vYXC9VVm7I6g6LCG1rSHOwKzywQFfyppt4I7eav3mwdCSO7FdeMmEhZeY10Ah5/O
tAzsCR19xET8elTcQGlV6HA0F9A3wXGjGkGqruKP40GGYnfyUakWpnWW8ZFSBEBs
3SktOp0+R89Fy8pvirV0misF/s9CfngoXrC4Br2UbHaJU1CT4Ic=
=nKmQ
-----END PGP SIGNATURE-----
--- End Message ---
