nss: CVE-2018-18508: NULL pointer dereference in several CMS functions resulting in a denial of service

Related Vulnerabilities: CVE-2018-18508  

Debian Bug report logs - #921614

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 7 Feb 2019 08:18:01 UTC

Severity: important

Tags: security, upstream

Found in version nss/2:3.42-1

Fixed in version nss/2:3.42.1-1

Done: Mike Hommey <glandium@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>:
Bug#921614; Package src:nss. (Thu, 07 Feb 2019 08:18:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>. (Thu, 07 Feb 2019 08:18:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nss: CVE-2018-18508: NULL pointer dereference in several CMS functions resulting in a denial of service
Date: Thu, 07 Feb 2019 09:15:03 +0100
Source: nss
Version: 2:3.42-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for nss, fixed upstream in
3.42.1.

CVE-2018-18508[0]:
|NULL pointer dereference in several CMS functions resulting in a
|denial of service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18508
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility. (Wed, 13 Feb 2019 04:51:03 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 13 Feb 2019 04:51:03 GMT).


Message #10 received at 921614-close@bugs.debian.org:

From: Mike Hommey <glandium@debian.org>
To: 921614-close@bugs.debian.org
Subject: Bug#921614: fixed in nss 2:3.42.1-1
Date: Wed, 13 Feb 2019 04:49:45 +0000
Source: nss
Source-Version: 2:3.42.1-1

We believe that the bug you reported is fixed in the latest version of
nss, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated nss package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 13 Feb 2019 13:19:39 +0900
Source: nss
Binary: libnss3 libnss3-tools libnss3-dev
Architecture: source
Version: 2:3.42.1-1
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
 libnss3    - Network Security Service libraries
 libnss3-dev - Development files for the Network Security Service libraries
 libnss3-tools - Network Security Service tools
Closes: 921614
Changes:
 nss (2:3.42.1-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes CVE-2018-18508. Closes: #921614.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 13 Mar 2019 07:25:51 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:28:08 2019; Machine Name: beach
