GNU bug report logs - #52228
NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 1 Dec 2021 17:35:02 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#52228: closed (Re: bug#52228: NSS CVE-2021-43527 "memory
 corruption validating dsa/rsa-pss signatures")
Date: Wed, 23 Mar 2022 02:35:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 52228 <at> debbugs.gnu.org.

-- 
52228: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=52228
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 52228-done <at> debbugs.gnu.org, Mark H Weaver <mhw <at> netris.org>
Subject: Re: bug#52228: NSS CVE-2021-43527 "memory corruption validating
 dsa/rsa-pss signatures"
Date: Tue, 22 Mar 2022 22:34:36 -0400

Hello,

Leo Famulari <leo <at> famulari.name> writes:

> On Fri, Dec 03, 2021 at 07:28:18PM -0500, Mark H Weaver wrote:
>> Hi,
>> 
>> For the record, I've pushed commits
>> 080a5de2eeb5e0da83ae9fd94488508d5227c4e3 and
>> d49e7a592f2f12cd1f9e07edfeebe0a2771f491e to the 'master' branch, which I
>> believe should fix this issue in our 'nss', 'icecat', 'icedove',
>> 'icedove-wayland', and 'geierlein' packages.
>
> Thanks for working on it, Mark.
>
>> Does anyone know if there are other packages in Guix that include a
>> bundled copy of NSS?  If not, I guess this bug can be closed.
>
> Personally I don't know... I hope not. Let's wait a couple more days
> before closing.

It's been 15 weeks :-).

Closing.

Maxim


[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss
 signatures"
Date: Wed, 1 Dec 2021 12:34:27 -0500

An attacker-controlled memory corruption vulnerability was discovered in
NSS:

https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
This bug report was last modified 3 years and 60 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.