[SECURITY] [DLA 2387-2] firefox-esr regression update

2020-09-29 Thread Emilio Pozuelo Monfort 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian LTS Advisory DLA-2387-2debian-...@lists.debian.org
https://www.debian.org/lts/security/   Emilio Pozuelo Monfort
September 29, 2020https://wiki.debian.org/LTS
- -

Package: firefox-esr
Version: 78.3.0esr-1~deb9u2

This update fixes a problem that caused Firefox to fail to build on the
arm64 and armhf architectures.

For Debian 9 stretch, this problem has been fixed in version
78.3.0esr-1~deb9u2.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl9zswgACgkQnUbEiOQ2
gwJKPhAAukaOqLs+ceq8k6ZTGtQvdlGOPgcith9pRtK+sbaP8V/nqGL0J+0cpUxp
c+y9u4vNI3W8Re1SlRI1qV06bIclRmnV2e6C7SpXbEeYeb2URlV063OOVuWSvwYo
35Wk/ZGCoZjl+qsfC0xmihPBMkhrupyuV7Sx4Mo4y3TQZ16VtWcUUCsqaCT4gXuE
mkA1J+YujQCr9RmrInKYJV9ibrmRiU9rL+J71hilsKtSjcu5TBHogDDexpxh62je
kA1G4Q2tzZ/DCHpqEZPWGk/QU05Lz+DCGxTOY9yTP+Mq5cgz1mdDiGGqw12IZTbl
hZA7WJHxnox4sd4+ghnNFvcydpC92/VKFisbM6JClUSEZKhmJoxyFCC4duAfM3zN
YjbiXPt0OVkbSbc3ZDokvex4rA+W9rESxA42GDrlGQW4pDifMYvGaDl0XrhoYKrf
zDl24ilrG8BPpSPFiqm7p9sbqr5MlMTUL2St8AxE2z5F4byWcTZS6Mp8pxMrnDyt
QiBNNQv/Ype/E/Mjf5mhX6Ti/m1+o1FtT1pFlNOqKV2ruOyCp8bzjWZSJhjRPZgI
qi0kBUawKqXawu1bYVy8Ix8J3V/t4g9T5M0qpE7Urvz1Xwi5iDk0eR/LaS3NUvmG
LORhlw/7Lje72gdxyP7ET1WyIm4UKmCUbrlsG/tAKWlFzDpj0Gs=
=yzwQ
-END PGP SIGNATURE-

[SECURITY] [DLA 2388-1] nss security update

2020-09-29 Thread Adrian Bunk 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian LTS Advisory DLA-2388-1debian-...@lists.debian.org
https://www.debian.org/lts/security/  Adrian Bunk
September 29, 2020https://wiki.debian.org/LTS
- -

Package: nss
Version: 2:3.26.2-1.1+deb9u2
CVE ID : CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729 
 CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829 
 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 
 CVE-2020-12403
Debian Bug : 921614 961752 963152

Various vulnerabilities were fixed in nss,
the Network Security Service libraries.

CVE-2018-12404

Cache side-channel variant of the Bleichenbacher attack.

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a 
denial of service.

CVE-2019-11719

Out-of-bounds read when importing curve25519 private key.

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation 
fault.

CVE-2019-11745

Out-of-bounds write when encrypting with a block cipher.

CVE-2019-17006

Some cryptographic primitives did not check the length of the input 
text, potentially resulting in overflows.

CVE-2019-17007

Handling of Netscape Certificate Sequences may crash with a NULL 
dereference leading to a denial of service.

CVE-2020-12399

Force a fixed length for DSA exponentiation.

CVE-2020-6829
CVE-2020-12400

Side channel attack on ECDSA signature generation.

CVE-2020-12401

ECDSA timing attack mitigation bypass.

CVE-2020-12402

Side channel vulnerabilities during RSA key generation.

CVE-2020-12403

CHACHA20-POLY1305 decryption with undersized tag leads to 
out-of-bounds read.

For Debian 9 stretch, these problems have been fixed in version
2:3.26.2-1.1+deb9u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9zh9AACgkQiNJCh6LY
mLECsBAAwG1ooIYlA1tctSKDyDWOAZ/eXED+xSc2ybze888ttYQkCCPwKo9kC75o
x7gexxkQ1re4kw7J/D9LFW/fSiCEtiU2HYgvsSjk9broRBAFzwKT5+RcQf4939rb
KdQu0n5CqbSybdCq12Q6RNOj1n6SuthYYDxy58DvnU6OK+6fzFR1Av3/cVyNxCvr
QiGLW23ZvWwiui3UjP2ZgPhqSMu3V+bsDcbcu1698kQitPLp34VyqU7MJZyyMT4H
NZh/wbPANZyi2i4O6i6KxA7zu/O7hfdxY75svCa8/YKe+4oK2j85QtkQhKlL7d1g
lW7m2OU3wMeSfjvYnRgtt+Yubl4obHptD/oS1qy7sImq849eNyD7vVcS78vVRFh8
V7q6+2viEkkta/jpw5u7ELRrjIo6lprMd0rddaDzNMiKmzumR6zUqjxuIPGNnE1+
rQ7JLl0oRZvKFBKYPzE2oo1fG77K7qIBV2qATZ6QE9bGEhApnTqKen7x1UU0n6xK
UO4IfETtsYwyKvlwb1FY3nfEF/0T3tDw/wLajSjTj7eZui1bbuwthIopdKYYUbLw
vSsedvKfH5c3mL3u5lCJxwp8XUMioJ8Pw9yAZgxYI8a/cZOy0Cxix2ROgIcbIq8L
WZ5++RMIEJ+B0GMa8RONTcD7WGAF8Ns1LyxOohAPWau2oEfsXr0=
=VSGn
-END PGP SIGNATURE-