This bug was fixed in the package nss - 2:3.49.1-1ubuntu1.4 --------------- nss (2:3.49.1-1ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: Side-channel attack - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c, nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi, nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh. - CVE-2020-12400 - CVE-2020-6829 * SECURITY UPDATE: Timing attack mitigation bypass - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar padding in nss/lib/freebl/ec.c. - CVE-2020-12401 -- leo.barb...@canonical.com (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:28:48 -0300 ** Changed in: nss (Ubuntu Focal) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12400 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12401 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6829 ** Changed in: nss (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885562 Title: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs