This bug was fixed in the package nss - 2:3.48-1ubuntu1

---------------
nss (2:3.48-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
  * Set TLSv1.2 as minimum TLS version. LP: #1856428

nss (2:3.48-1) unstable; urgency=medium

  * New upstream release. Closes: #947131.
  * debian/control: Bump nspr build dependency to 4.24.
  * nss/lib/freebl/Makefile: Disable hardware AES on ARM softfloat to fix
    FTBFS on armel. Closes: #947246.

nss (2:3.47.1-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2019-11745.

 -- Ubuntu Merge-o-Matic <m...@ubuntu.com>  Sun, 29 Dec 2019 03:43:36
+0000

** Changed in: nss (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11745

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1856428

Title:
  Disable TLS below 1.2 by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1856428/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to