Summary: | <dev-libs/nss-3.58: Tighten CCS handling for middlebox compatibility mode in TLS 1.3 handshake (CVE-2020-25648) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mozilla |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
dev-libs/nss-3.58-r2
dev-libs/nspr-4.29 amd64 hppa ppc ppc64 s390 x86
|
Runtime testing required: | --- |
Bug Depends on: | 750746 | ||
Bug Blocks: |
Description
Sam James
2020-10-19 20:27:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e18430ce14e579a2b7c6c5afbede6281dff231a

commit 8e18430ce14e579a2b7c6c5afbede6281dff231a
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-19 21:00:36 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-19 21:00:36 +0000

dev-libs/nss: bump to v3.58

Bug: https://bugs.gentoo.org/750254
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

dev-libs/nss/Manifest | 1 +
dev-libs/nss/nss-3.58.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 360 insertions(+)

Sanity check failed:
> dev-libs/nss-3.58
> depend amd64 stable profile default/linux/amd64/17.0 (22 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-),abi_x86_64(-)]
> depend amd64 stable profile default/linux/amd64/17.0/no-multilib (6 total)
> >=dev-libs/nspr-4.29[abi_x86_64(-)]
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (1 total)
> >=dev-libs/nspr-4.29[abi_x86_64(-)]
> depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-)]
> rdepend amd64 stable profile default/linux/amd64/17.0 (22 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-),abi_x86_64(-)]
> rdepend amd64 stable profile default/linux/amd64/17.0/no-multilib (6 total)
> >=dev-libs/nspr-4.29[abi_x86_64(-)]
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (1 total)
> >=dev-libs/nspr-4.29[abi_x86_64(-)]
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-)]
> depend arm stable profile default/linux/arm/17.0 (40 total)
> >=dev-libs/nspr-4.29
> depend arm dev profile default/linux/arm/17.0/armv4 (33 total)
> >=dev-libs/nspr-4.29
> rdepend arm stable profile default/linux/arm/17.0 (40 total)
> >=dev-libs/nspr-4.29
> rdepend arm dev profile default/linux/arm/17.0/armv4 (33 total)
> >=dev-libs/nspr-4.29
> depend x86 stable profile default/linux/x86/17.0 (11 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-)]
> rdepend x86 stable profile default/linux/x86/17.0 (11 total)
> >=dev-libs/nspr-4.29[abi_x86_32(-)]
arm done

arm64 done

sparc done

Stabilization canceled due to regression.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ebfd820b1074bbdd0409328af0af1328fdd3ee9

commit 6ebfd820b1074bbdd0409328af0af1328fdd3ee9
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-10-23 12:16:11 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-10-23 12:16:16 +0000

dev-libs/nss: drop 3.58 stable keywords

There is a regression in 3.58 currently being investigated. See the bug for details.

Bug: https://bugs.gentoo.org/750746
Bug: https://bugs.gentoo.org/750254
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>

dev-libs/nss/nss-3.58.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Unable to check for sanity:
> no match for package: dev-libs/nss-3.58
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

x86 stable

arm64 done

arm done

hppa/ppc/ppc64/sparc stable

amd64 stable

s390 stable. Maintainer(s), please cleanup. Security, please vote.

New GLSA request filed.

This issue was resolved and addressed in GLSA 202012-21 at https://security.gentoo.org/glsa/202012-21 by GLSA coordinator Thomas Deutschmann (whissi).