Information on source package nss

Available versions

Release | Version
jessie | 2:3.26-1+debu8u3
jessie (security) | 2:3.26-1+debu8u6
stretch (security) | 2:3.26.2-1.1+deb9u1
buster | 2:3.42.1-1+deb10u1
bullseye | 2:3.45-1
sid | 2:3.45-1

Open issues

Bug | jessie | stretch | buster | bullseye | sid | Description
CVE-2019-11729 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...
CVE-2019-11727 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | fixed | fixed | fixed | A vulnerability exists where it possible to force Network Security Ser ...
CVE-2019-11719 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | When importing a curve25519 private key in PKCS#8 format with leading 0 ...
CVE-2018-18508 | fixed | vulnerable | fixed | fixed | fixed | NULL pointer dereference in several CMS functions resulting in a denial of service
CVE-2018-12404 | fixed | vulnerable | fixed | fixed | fixed | A cached side channel attack during handshakes using RSA encryption co ...
CVE-2018-12384 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | When handling a SSLv2-compatible ClientHello request, the server doesn ...
CVE-2016-9074 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An existing mitigation of timing side-channel attacks is insufficient ...

Open unimportant issues

Bug | jessie | stretch | buster | bullseye | sid | Description
CVE-2017-11698 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...
CVE-2017-11697 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...
CVE-2017-11696 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...
CVE-2017-11695 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...

Resolved issues

Bug | Description
TEMP-0000000-583651 | nspr, nss: unprotected environment variables
CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ...
CVE-2017-7502 | Null pointer dereference vulnerability in NSS since 3.24.0 was found w ...
CVE-2017-5462 | A flaw in DRBG number generation within the Network Security Services ...
CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...
CVE-2016-9574 | nss before version 3.30 is vulnerable to a remote denial of service du ...
CVE-2016-8635 | It was found that Diffie Hellman Client key exchange handling in NSS 3 ...
CVE-2016-5285 |
CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ...
CVE-2016-1979 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...
CVE-2016-1978 | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange f ...
CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...
CVE-2016-1938 | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Secur ...
CVE-2016-0800 | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...
CVE-2015-7575 | Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ...
CVE-2015-7182 | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Sec ...
CVE-2015-7181 | The sec_asn1d_parse_leaf function in Mozilla Network Security Services ...
CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ...
CVE-2015-2730 | Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozi ...
CVE-2015-2721 | Mozilla Network Security Services (NSS) before 3.19, as used in Mozill ...
CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...
CVE-2014-1569 | The definite_length_decoder function in lib/util/quickder.c in Mozilla ...
CVE-2014-1568 | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...
CVE-2014-1544 | Use-after-free vulnerability in the CERT_DestroyCertificate function i ...
CVE-2014-1492 | The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...
CVE-2014-1491 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozi ...
CVE-2014-1490 | Race condition in libssl in Mozilla Network Security Services (NSS) be ...
CVE-2013-5606 | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Netw ...
CVE-2013-5605 | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 be ...
CVE-2013-1741 | Integer overflow in Mozilla Network Security Services (NSS) 3.15 befor ...
CVE-2013-1740 | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Net ...
CVE-2013-1739 | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...
CVE-2013-1620 | The TLS implementation in Mozilla Network Security Services (NSS) does ...
CVE-2013-0791 | The CERT_DecodeCertPackage function in Mozilla Network Security Servic ...
CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as use ...
CVE-2012-0441 | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...
CVE-2011-3640 | ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...
CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ...
CVE-2010-3173 | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x befo ...
CVE-2010-3170 | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...
CVE-2009-2409 | The Network Security Services (NSS) library before 3.12.3, as used in ...
CVE-2009-2408 | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...
CVE-2009-2404 | Heap-based buffer overflow in a regular-expression parser in Mozilla N ...

Security announcements

DSA / DLA | Description
DLA-1857-1 | nss - security update
DLA-1704-1 | nss - security update
DLA-1138-1 | nss - security update
DSA-3998-1 | nss - security update
DSA-3872-1 | nss - security update
DLA-971-1 | nss - security update
DLA-946-1 | nss - security update
DLA-759-1 | nss - security update
DLA-677-1 | nss - security update
DSA-3688-1 | nss - security update
DLA-527-1 | nss - security update
DLA-507-1 | nss - security update
DLA-480-1 | nss - security update
DLA-427-1 | nss - security update
DLA-354-1 | nss - security update
DLA-315-1 | nss - security update
DSA-3336-1 | nss - security update
DSA-3186-1 | nss - security update
DLA-154-1 | nss - security update
DLA-89-1 | nss - security update
DSA-3071-1 | nss - security update
DSA-3033-1 | nss - security update
DLA-62-1 | nss - security update
DSA-2994-1 | nss - security update
DLA-23-1 | nss - security update
DSA-2800-1 | nss - buffer overflow
DSA-2790-1 | nss - uninitialized memory read
DSA-2599-1 | nss - mis-issued intermediates
DSA-2490-1 | nss - denial of service
DSA-2339-1 | nss - several
DSA-2300-2 | nss - compromised certificate authority
DSA-2300-1 | nss - compromised certificate authority
DSA-2141-2 | nss - protocol design flaw
DSA-2123-1 | nss - cryptographic weaknesses
DSA-1874-1 | nss - several vulnerabilities
