Summary: | <dev-libs/nss-3.52.1: Timing attack on DSA signatures (CVE-2020-12399) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, mozilla |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=726844 | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: |
=dev-libs/nss-3.52.1-r1
|
Runtime testing required: | --- |
Description
Sam James
2020-06-02 23:30:21 UTC
@maintainer(s), let us know when ready for stabilisation. s390 stable arm64 stable sparc stable amd64 stable arm stable ppc stable x86 stable hppa stable ppc64, ping nss-3.52.1 needs an upstream patch to make it build on ppc64 (bug #722110). The patch won't be in upstream nss before 3.55. ppc64 stable. Maintainer(s), please cleanup. Security, please vote. GLSA vote: yes This issue was resolved and addressed in GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49 by GLSA coordinator Sam James (sam_c). (In reply to GLSAMaker/CVETool Bot from comment #14) > This issue was resolved and addressed in > GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49 > by GLSA coordinator Sam James (sam_c). Reopening for cleanup. (In reply to Sam James from comment #15) > (In reply to GLSAMaker/CVETool Bot from comment #14) > > This issue was resolved and addressed in > > GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49 > > by GLSA coordinator Sam James (sam_c). > > Reopening for cleanup. ping. |