Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5c3cc82 by Salvatore Bonaccorso at 2020-08-01T08:54:09+02:00
Add CVE-2020-6829 and CVE-2020-12400 for nss

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9550,8 +9550,13 @@ CVE-2020-12402 (During RSA key generation, bignum 
implementations used a variati
        NOTE: Fixed upstream in 3.53.1
 CVE-2020-12401
        RESERVED
-CVE-2020-12400
+CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable 
modular inversion function]
        RESERVED
+       - nss 2:3.55-1
+       NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
+       NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
+       NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+       NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
 CVE-2020-12399 (NSS has shown timing differences when performing DSA 
signatures, which ...)
        {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
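Review bot: The new CVE-2020-12400 entry tracks only "- nss 2:3.55-1", while the neighbouring NSS timing issue CVE-2020-12399 in the trailing context also carries a "- firefox 77.0-1" line; please confirm whether the firefox source packages need their own lines for this CVE, or record in a NOTE why they do not. It would also help to add a line in the style of the "NOTE: Fixed upstream in 3.53.1" used for CVE-2020-12402 just above, so the upstream fixed version can be read from the entry without following the release-notes URL.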
@@ -24698,8 +24703,13 @@ CVE-2020-6831 (A buffer overflow could occur when 
parsing and validating SCTP ch
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to 
be passe ...)
        - firefox <not-affected> (Firefox on iOS)
-CVE-2020-6829
+CVE-2020-6829 [Side channel attack on ECDSA signature generation]
        RESERVED
+       - nss 2:3.55-1
+       NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
+       NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
+       NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+       NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits.
 CVE-2020-6828 (A malicious Android application could craft an Intent that 
would have  ...)
        - firefox-esr <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828
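Review bot: In the CVE-2020-6829 entry the two hg.mozilla.org revision NOTEs are listed without saying what each commit changes, and the same pair is repeated verbatim under CVE-2020-12400; a short annotation per revision would let someone backporting to an older nss tell whether both are required. The bracketed description here is also less specific than the sibling entry, which names P-384 and P-521, so if the two issues share the same fix it is worth saying which curves this one covers. Minor wording: "and resolved in the same commits" reads better as "and is resolved in the same commits", in both entries.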



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5c3cc829ad39c98f1a9ee48f5275bd1b11a63ec
