[Git][security-tracker-team/security-tracker][master] CVE-2019-11727/CVE-2019-17023: Same applies as for jessie

Mon, 27 Jul 2020 11:32:05 -0700 


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c211f8ed by Adrian Bunk at 2020-07-27T21:29:33+03:00
CVE-2019-11727/CVE-2019-17023: Same applies as for jessie

nss 3.26.2 in stretch does not contain more TLS 1.3 support
than nss 3.26 in jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47719,6 +47719,7 @@ CVE-2019-17023 (After a HelloRetryRequest has been 
sent, the client may negotiat
        {DSA-4726-1}
        - firefox 72.0-1
        - nss 2:3.49-1
+       [stretch] - nss <not-affected> (Vulnerable code was introduced later)
        [jessie] - nss <not-affected> (Vulnerable code was introduced later)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
@@ -64928,7 +64929,7 @@ CVE-2019-11727 (A vulnerability exists where it 
possible to force Network Securi
        - firefox 68.0-1 (unimportant)
        - nss 2:3.45-1
        [buster] - nss 2:3.42.1-1+deb10u1
-       [stretch] - nss <no-dsa> (Minor issue)
+       [stretch] - nss <ignored> (Issue is specific to TLS 1.3 and support was 
not really complete in 3.26; code has diverged significantly since and applying 
the fix would be very disruptive)
        [jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was 
not really complete in 3.26; code has diverged significantly since and applying 
the fix would be very disruptive)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c211f8ed4a2ce718512c4d4f1c45ba64a7da04af

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c211f8ed4a2ce718512c4d4f1c45ba64a7da04af
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to