[ubuntu/bionic-updates] nss 2:3.35-2ubuntu2.14 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed May 11 08:28:27 UTC 2022
nss (2:3.35-2ubuntu2.14) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service through ChangeCipherSpec
- debian/patches/CVE-2020-25648-1.patch: reject CCS when
compatibility is not specify or if many CCS in a row in
nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
- debian/patches/CVE-2020-25648-2.patch: reject multiple CCS
packages but allow the first one in
nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
- CVE-2020-25648
Date: 2022-05-10 13:12:33.645724+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list