[SECURITY] [DLA 2836-2] nss regression update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2836-2] nss regression update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Wed, 8 Dec 2021 04:37:16 +0530
Message-id: <[🔎] CAPP0f94zNcJ-mBV0WaDtVxVNXqLQmJjSd827mwjV1C+NwtrRbw@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2836-2              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 08, 2021                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : nss
Version        : 2:3.26.2-1.1+deb9u4
Debian Bug     : 1001219

DLA-2836-1 was rolled out, fixing CVE-2021-43527 in nss, but that
lead to a regression, preventing SSL connections in Chromium. The
complete bug report could be found here:
https://bugs.debian.org/1001219.

For Debian 9 stretch, this problem has been fixed in version
2:3.26.2-1.1+deb9u4.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmGv6OwACgkQgj6WdgbD
S5bSBRAAxYdGcK13TV8yjR8afuuKiQfxq/+5RMABlG/y+WD4e7JdxU8pwXMBhSev
96aTgmtbdLnhhuBhpuuhcaEBayqWyfACgB0hVI1mDe2FAMje7fCsJtkYJ07hTTaX
VfHm/LmU0Pi/aJJ9Zyqy+VMczqkt5glmXEfASYu45MqLzJ8vI5IfduCN6cWOwhU3
RUaK6En87ej8OJ/yjrHjVBZOgGQfRR+n/f60J4snGu8C0RxDSLUjo9jA9mGgDKBo
FpsTN3nhmcbRUQp/s2zO7kPVqE7fp7iQhBZJ7FAXOr/SnG4IaVK+py7Y+doMcYcw
FpOaPMrdTm6isPJFmiTEKyBCQDNBXoCeGl4wwUbn+pdN5B5j5menOe0KvUaIq+gQ
yqf1PnxCVCWONtEukfLX3+HpURQ/rmQ4PG5YrKvTN2XGAko4LA/VFw9HG5I5lWsz
X7AbMpvT4zmfnD8MbBRhOHmyeeOymyNl9tcimBzuLPsHJjXpczGeoa9jB0L/6OjA
6HGumXbqXd6VI96o1WftbklsMHdpcsDGvVXPrF5gfjpQMl8a0dUzoXoKpy349kXL
hW6djOUkBT+Zll0vyDlu4OEacLO86mXcfRjvSMgzKBrmgsni2DAca5qPqxneSbFL
PlJYQKkafzns+ufF4+wkqw/HBnziJ3i7BoC3mW/QA9vqq0h2OKI=
=Kol1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2841-1] runc security update
Next by Date: [SECURITY] [DLA 2842-1] apache-log4j2 security update
Previous by thread: [SECURITY] [DLA 2841-1] runc security update
Next by thread: [SECURITY] [DLA 2842-1] apache-log4j2 security update
Index(es):
- Date
- Thread