GNU bug report logs - #52228
NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 1 Dec 2021 17:35:02 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#52228: closed (NSS CVE-2021-43527 "memory corruption
 validating dsa/rsa-pss signatures")
Date: Wed, 23 Mar 2022 02:35:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 22 Mar 2022 22:34:36 -0400
with message-id <87zglhz9ab.fsf <at> gmail.com>
and subject line Re: bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
has caused the debbugs.gnu.org bug report #52228,
regarding NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
52228: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=52228
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss
 signatures"
Date: Wed, 1 Dec 2021 12:34:27 -0500

An attacker-controlled memory corruption vulnerability was discovered in
NSS:

https://bugs.chromium.org/p/project-zero/issues/detail?id=2237



[Message part 3 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 52228-done <at> debbugs.gnu.org, Mark H Weaver <mhw <at> netris.org>
Subject: Re: bug#52228: NSS CVE-2021-43527 "memory corruption validating
 dsa/rsa-pss signatures"
Date: Tue, 22 Mar 2022 22:34:36 -0400

Hello,

Leo Famulari <leo <at> famulari.name> writes:

> On Fri, Dec 03, 2021 at 07:28:18PM -0500, Mark H Weaver wrote:
>> Hi,
>> 
>> For the record, I've pushed commits
>> 080a5de2eeb5e0da83ae9fd94488508d5227c4e3 and
>> d49e7a592f2f12cd1f9e07edfeebe0a2771f491e to the 'master' branch, which I
>> believe should fix this issue in our 'nss', 'icecat', 'icedove',
>> 'icedove-wayland', and 'geierlein' packages.
>
> Thanks for working on it, Mark.
>
>> Does anyone know if there are other packages in Guix that include a
>> bundled copy of NSS?  If not, I guess this bug can be closed.
>
> Personally I don't know... I hope not. Let's wait a couple more days
> before closing.

It's been 15 weeks :-).

Closing.

Maxim
This bug report was last modified 3 years and 60 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.