Your message dated Tue, 28 Nov 2023 04:49:48 +0000
with message-id <[email protected]>
and subject line Bug#1055112: fixed in nss 2:3.95-1
has caused the Debian Bug report #1055112,
regarding Please backport patch for malformed ECC keys stored permanently in
NSSDB (3.94 only)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1055112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055112
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libnss3
Please backport
https://hg.mozilla.org/projects/nss/rev/a69c9f36bb8ac1c47cacb6c6ec9f06309de33951
to Sid
This is an upstream bug that has annoying consequences for people that
generate ECC keys on NSS softoken.
The fix does *not* correct the data already stored in DBs so it is
somewhat important to update packages quickly to minimize the number of
people affected.
It should be possible to manually export and then re-import keys to
"fix" the format, but this has not been tested.
The bug was first triggered in the pkcs11-provider upstream project CI
when Fedora imported 3.94 and now it started showing up for Debian (and
MacOS) as well.
Note that Firefox is unaffected because NSS can reformat the keys as it
reads them, the only affected applications are PKCS#11 applications
that use softoken directly.
Fedora 38 fix here:
https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb53986016
HTH,
Simo.
--
Simo Sorce,
DE @ RHEL Crypto Team,
Red Hat, Inc
--- End Message ---
--- Begin Message ---
Source: nss
Source-Version: 2:3.95-1
Done: Mike Hommey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <[email protected]> (supplier of updated nss package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Nov 2023 12:59:15 +0900
Source: nss
Architecture: source
Version: 2:3.95-1
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages
<[email protected]>
Changed-By: Mike Hommey <[email protected]>
Closes: 1055112
Changes:
nss (2:3.95-1) unstable; urgency=medium
.
* New upstream release. Closes: #1055112
Checksums-Sha1:
a3f3f2c3efe23ca9a40e8c3119dd5b38570e1bf4 2185 nss_3.95-1.dsc
66f60eb4318d63605f8cdef8ab61478ff0c2c65b 76571130 nss_3.95.orig.tar.gz
7455bb5765a4b0f630d894753265514d5e8495eb 19316 nss_3.95-1.debian.tar.xz
fdf60f2a50cf9400ea211f6055eab0b6d1b07566 6580 nss_3.95-1_source.buildinfo
Checksums-Sha256:
9b47a08aa5efc2d6d115e1b743f39cee380e620cb5a4cbe2edb3535c7493f49e 2185
nss_3.95-1.dsc
469888e41e8a780051ce00edcd914e8a6bd38da88a82cfb84898dd388635822a 76571130
nss_3.95.orig.tar.gz
e5e5c99eeb9431217a5a98d6685d117473cdaf5e5a3f75fbbf093a7dd36c1137 19316
nss_3.95-1.debian.tar.xz
2783acb9dea5331ed268e1c53fd62526513f0d341d80caa8ebb7c637558d33eb 6580
nss_3.95-1_source.buildinfo
Files:
668df8deab0a004e4fc9d875e9836805 2185 libs optional nss_3.95-1.dsc
aa53fba59dd58de418447c9857acee41 76571130 libs optional nss_3.95.orig.tar.gz
7ca3d6113b6a8fc98af74502de882f40 19316 libs optional nss_3.95-1.debian.tar.xz
af8c9b47e63f91af15627a09d3cd9a63 6580 libs optional nss_3.95-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEGC4WHREwufzNfbFn5CqgT6aqjHIFAmVlZdgUHGdsYW5kaXVt
QGRlYmlhbi5vcmcACgkQ5CqgT6aqjHKokQ//RbufTHeqoFd4ZQ7XCcLhhD3aDdYN
XIcyytwUoy7a3JWQY7PsazRfGPaJqBv8mItLIaUA8GRm/smP+1a/1wG9L47iP/6k
WStI/VAck3v0CeTmWywN1THiqSfZ4PWTmX4F/ZxlzMuI9TbA0FNjjU+RuKIkoxMR
iHDyR6M1LPsZnEBCNWMLK5WqvUkWWaxnHPMz+jedx6HCbDvbdeZyVqNmlKjjq+D7
OxXHpdLYksaSzY83gtMJwb0mpX+Xg2xZVs04bBS9CdcGNqpqfIJDf13QXIgxzFs3
Tl5kxRyzuDGgiIxribVjb/R5YkclnyfBvf+lArTaDwslxaUCkS0VgFtgaGErTXcd
o83r9mjLtNx/6XFSaI2yaBq04NtSaq2Uw+BydAHBiJYFm+Hh1uxUDQXsHfB6hIJd
ibbHZWwkisHfq4/NpoAjCI250F0/JFfMLDVJ6VbYX/tmYC+iXTh16IEXaQBcAACY
Se+9ORlNQhsMocYPq3V2Y6jvGMScOke9soTeHDPsKriZEGDmQ8n/VKrj4RO4FDyL
g9t8+Ta5f1LLbB9QeQC3se/l5vU/dc+aGXngC2BKh0Q06Wwa7ERIF6pk2OU5e3VB
1rIHNO7REcaVJcqFf6iFazdvueKXd7URgW+YPcEBCsZywCroGSCN181Ig01dIMVQ
vMITll0r1O+x0A0=
=DuwY
-----END PGP SIGNATURE-----
--- End Message ---
