Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], Mike Hommey 
<[email protected]>, [email protected]
Control: affects -1 + src:nss
User: [email protected]
Usertags: pu

Hi

nss was affected by CVE-2026-12318 but not warranting a DSA. I
prepared an update cherry-picking this change on top of the last DSA
released by Moritz.

Tests on debusine were performed as:
https://debusine.debian.net/debian/developers/work-request/902930/

Regards,
Salvatore
diff -Nru nss-3.110/debian/changelog nss-3.110/debian/changelog
--- nss-3.110/debian/changelog  2026-05-17 18:37:16.000000000 +0200
+++ nss-3.110/debian/changelog  2026-06-30 20:22:51.000000000 +0200
@@ -1,3 +1,11 @@
+nss (2:3.110-1+deb13u3) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * improve handling of escape sequences in pk11uri_ParseAttributes
+    (CVE-2026-12318)
+
+ -- Salvatore Bonaccorso <[email protected]>  Tue, 30 Jun 2026 20:22:51 +0200
+
 nss (2:3.110-1+deb13u2) trixie-security; urgency=medium
 
   * CVE-2026-6766
diff -Nru nss-3.110/debian/patches/CVE-2026-12318.patch 
nss-3.110/debian/patches/CVE-2026-12318.patch
--- nss-3.110/debian/patches/CVE-2026-12318.patch       1970-01-01 
01:00:00.000000000 +0100
+++ nss-3.110/debian/patches/CVE-2026-12318.patch       2026-06-30 
20:22:01.000000000 +0200
@@ -0,0 +1,36 @@
+
+# HG changeset patch
+# User John Schanck <[email protected]>
+# Date 1776891142 0
+# Node ID bd0c42028c8eae5b9cbdb4f5b0ee59bc07cba2de
+# Parent  98ae9f70d97a87957a997af8ac9110836a5dd094
+Bug 2023478 - improve handling of escape sequences in pk11uri_ParseAttributes. 
r=nss-reviewers,keeler
+
+Differential Revision: https://phabricator.services.mozilla.com/D295642
+
+diff --git a/nss/lib/util/pkcs11uri.c b/nss/lib/util/pkcs11uri.c
+--- a/nss/lib/util/pkcs11uri.c
++++ b/nss/lib/util/pkcs11uri.c
+@@ -619,19 +619,19 @@ pk11uri_ParseAttributes(const char **str
+             if (strchr(stop_chars, *p) != NULL) {
+                 break;
+             }
+             if (strchr(accept_chars, *p) != NULL) {
+                 continue;
+             }
+             if (*p == '%') {
+                 const char ch2 = *++p;
+-                if (strchr(PK11URI_HEXDIG, ch2) != NULL) {
++                if (ch2 != '\0' && strchr(PK11URI_HEXDIG, ch2) != NULL) {
+                     const char ch3 = *++p;
+-                    if (strchr(PK11URI_HEXDIG, ch3) != NULL)
++                    if (ch3 != '\0' && strchr(PK11URI_HEXDIG, ch3) != NULL)
+                         continue;
+                 }
+             }
+ 
+             return SECFailure;
+         }
+         value_end = p;
+ 
+
diff -Nru nss-3.110/debian/patches/series nss-3.110/debian/patches/series
--- nss-3.110/debian/patches/series     2026-05-17 18:36:57.000000000 +0200
+++ nss-3.110/debian/patches/series     2026-06-30 20:21:02.000000000 +0200
@@ -4,3 +4,4 @@
 CVE-2026-6766.patch
 CVE-2026-6767.patch
 CVE-2026-6772.patch
+CVE-2026-12318.patch

Reply via email to