Overview

File _patchinfo of Package patchinfo.15295

<patchinfo incident="15295">
  <issue tracker="cve" id="2019-17006"/>
  <issue tracker="cve" id="2020-12399"/>
  <issue tracker="cve" id="2020-12402"/>
  <issue tracker="bnc" id="1169746">GCC 10: mozilla-nss build fails on i586</issue>
  <issue tracker="bnc" id="1159819">VUL-0: CVE-2019-17006: mozilla-nss: nss: Check length of inputs for cryptographic primitives</issue>
  <issue tracker="bnc" id="1171978">VUL-0: CVE-2020-12399: mozilla-nss: Timing attack on DSA signature generation</issue>
  <issue tracker="bnc" id="1173022">VUL-0: CVE-2020-12402: mozilla-nss: Update to 3.53.1</issue>
  <issue tracker="bnc" id="1168669">FIPS fixes to libfreebl3 cause segfaults in the test suite of chrony</issue>
  <issue tracker="bnc" id="1170908">Firefox tab crashed that seems caused by mozilla-nss</issue>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for mozilla-nspr, mozilla-nss</summary>
  <description>This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).

Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes

mozilla-nspr to version 4.25
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places