--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package nss/2:3.42.1-1+deb10u1
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Sun, 25 Aug 2019 21:25:12 +0200
- Message-id: <156676111219.2792.14958869277063201150.reportbug@hullmann.westfalen.local>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
The NSS update below fixes a few non-severe security issues. I've been
running this version with Firefox on Buster (which uses the system
copy of NSS unlike Firefox in Stretch) without any issues.
Cheers,
Moritz
diff -Nru nss-3.42.1/debian/changelog nss-3.42.1/debian/changelog
--- nss-3.42.1/debian/changelog 2019-02-13 05:19:39.000000000 +0100
+++ nss-3.42.1/debian/changelog 2019-08-23 00:03:22.000000000 +0200
@@ -1,3 +1,10 @@
+nss (2:3.42.1-1+deb10u1) buster; urgency=medium
+
+ * Fixes for CVE-2019-11719, CVE-2019-11727 and CVE-2019-11729 (in unstable
+ these were addressed via the 2:3.45-1 upload to unstable)
+
+ -- Moritz Mühlenhoff <jmm@debian.org> Fri, 23 Aug 2019 00:03:22 +0200
+
nss (2:3.42.1-1) unstable; urgency=medium
* New upstream release.
diff -Nru nss-3.42.1/debian/patches/CVE-2019-11719_CVE-2019-11727_CVE-2019-11729.patch nss-3.42.1/debian/patches/CVE-2019-11719_CVE-2019-11727_CVE-2019-11729.patch
--- nss-3.42.1/debian/patches/CVE-2019-11719_CVE-2019-11727_CVE-2019-11729.patch 1970-01-01 01:00:00.000000000 +0100
+++ nss-3.42.1/debian/patches/CVE-2019-11719_CVE-2019-11727_CVE-2019-11729.patch 2019-08-23 00:03:22.000000000 +0200
@@ -0,0 +1,410 @@
+Fixes for CVE-2019-11719, CVE-2019-11727 and CVE-2019-11729 which are based on
+the following upstream commits:
+
+https://hg.mozilla.org/projects/nss/rev/6cfb54d262d030783137aa6478b45ecb3cbfc624
+https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
+https://hg.mozilla.org/projects/nss/rev/dabfe1160c682b4d1d19c5a7a13ab3828bb9d37f
+https://hg.mozilla.org/projects/nss/rev/ebc93d6daeaa9001d31fd18b5199779da99ae9aa
+
+--- nss-3.42.1.orig/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
++++ nss-3.42.1/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
+@@ -40,6 +40,9 @@ class Pkcs11Curve25519Test
+
+ ScopedCERTSubjectPublicKeyInfo certSpki(
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
++ if (!expect_success && !certSpki) {
++ return;
++ }
+ ASSERT_TRUE(certSpki);
+
+ ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
+--- nss-3.42.1.orig/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
++++ nss-3.42.1/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
+@@ -342,6 +342,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
+ ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
+ }
+
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
++ static const SSLSignatureScheme kSignatureScheme[] = {
++ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
++
++ Reset(TlsAgent::kServerRsa, "rsa");
++ client_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ server_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ client_->SetupClientAuth();
++ server_->RequestClientAuth(true);
++
++ auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
++ client_, kTlsHandshakeCertificateVerify);
++ capture_cert_verify->EnableDecryption();
++
++ Connect();
++ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
++ 1024);
++}
++
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
++ static const SSLSignatureScheme kSignatureScheme[] = {
++ ssl_sig_rsa_pkcs1_sha256};
++
++ Reset(TlsAgent::kServerRsa, "rsa");
++ client_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ server_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ client_->SetupClientAuth();
++ server_->RequestClientAuth(true);
++
++ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
++ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
++ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
++}
++
+ class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
+ public:
+ TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
+@@ -571,7 +609,7 @@ TEST_P(TlsConnectTls13, InconsistentSign
+ client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+ }
+
+-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
++TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
+ server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
+ PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
+ server_->RequestClientAuth(false);
+@@ -1033,12 +1071,21 @@ TEST_P(TlsSignatureSchemeConfiguration,
+ INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
+ ::testing::Combine(
+- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
++ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
+ ::testing::Values(TlsAgent::kServerRsaSign),
+ ::testing::Values(ssl_auth_rsa_sign),
+ ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+ ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_rsae_sha384)));
++// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
++INSTANTIATE_TEST_CASE_P(
++ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
++ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
++ TlsConnectTestBase::kTlsV13,
++ ::testing::Values(TlsAgent::kServerRsaSign),
++ ::testing::Values(ssl_auth_rsa_sign),
++ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
++ ssl_sig_rsa_pss_rsae_sha384)));
+ // PSS with SHA-512 needs a bigger key to work.
+ INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
+--- nss-3.42.1.orig/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
++++ nss-3.42.1/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl
+ virtual void SetupCertificate() {
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ switch (sig_scheme_) {
+- case ssl_sig_rsa_pkcs1_sha256:
+- case ssl_sig_rsa_pkcs1_sha384:
+- case ssl_sig_rsa_pkcs1_sha512:
+- Reset(TlsAgent::kServerRsaSign);
+- auth_type_ = ssl_auth_rsa_sign;
+- break;
+ case ssl_sig_rsa_pss_rsae_sha256:
+ case ssl_sig_rsa_pss_rsae_sha384:
+ Reset(TlsAgent::kServerRsaSign);
+@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche
+ ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
+ ssl_sig_rsa_pss_pss_sha512};
+
++static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
++ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
++ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
++ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
++ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
++
+ INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams,
+ TLS_RSA_WITH_RC4_128_SHA,
+@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P(
+ #ifndef NSS_DISABLE_TLS_1_3
+ INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+ ::testing::ValuesIn(kFasterDHEGroups),
+- ::testing::ValuesIn(kSignatureSchemesParamsArr),
++ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
+ TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_256_GCM_SHA384);
+ INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+--- nss-3.42.1.orig/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
++++ nss-3.42.1/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature
+ }
+
+ TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
+- // 31 unknown signature algorithms followed by sha-256, rsa
++ // 31 unknown signature algorithms followed by sha-256, rsa-pss
+ const uint8_t val[] = {
+ 0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
+ DataBuffer extension(val, sizeof(val));
+ MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
+ extension);
+--- nss-3.42.1.orig/nss/lib/cryptohi/seckey.c
++++ nss-3.42.1/nss/lib/cryptohi/seckey.c
+@@ -639,6 +639,11 @@ seckey_ExtractPublicKey(const CERTSubjec
+ return pubk;
+ break;
+ case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
++ /* A basic sanity check on inputs. */
++ if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
++ PORT_SetError(SEC_ERROR_INPUT_LEN);
++ break;
++ }
+ pubk->keyType = ecKey;
+ pubk->u.ec.size = 0;
+
+--- nss-3.42.1.orig/nss/lib/freebl/dh.c
++++ nss-3.42.1/nss/lib/freebl/dh.c
+@@ -210,7 +210,8 @@ DH_Derive(SECItem *publicValue,
+ unsigned int len = 0;
+ unsigned int nb;
+ unsigned char *secret = NULL;
+- if (!publicValue || !prime || !privateValue || !derivedSecret) {
++ if (!publicValue || !publicValue->len || !prime || !prime->len ||
++ !privateValue || !privateValue->len || !derivedSecret) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+--- nss-3.42.1.orig/nss/lib/freebl/ec.c
++++ nss-3.42.1/nss/lib/freebl/ec.c
+@@ -202,8 +202,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateK
+ #endif
+ MP_DIGITS(&k) = 0;
+
+- if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) ||
+- !ecParams->name) {
++ if (!ecParams || ecParams->name == ECCurve_noName ||
++ !privKey || !privKeyBytes || privKeyLen <= 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -391,7 +391,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateK
+ int len;
+ unsigned char *privKeyBytes = NULL;
+
+- if (!ecParams) {
++ if (!ecParams || ecParams->name == ECCurve_noName || !privKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -430,7 +430,8 @@ EC_ValidatePublicKey(ECParams *ecParams,
+ mp_err err = MP_OKAY;
+ int len;
+
+- if (!ecParams || !publicValue || !ecParams->name) {
++ if (!ecParams || ecParams->name == ECCurve_noName ||
++ !publicValue || !publicValue->len) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -536,8 +537,9 @@ ECDH_Derive(SECItem *publicValue,
+ int i;
+ #endif
+
+- if (!publicValue || !ecParams || !privateValue || !derivedSecret ||
+- !ecParams->name) {
++ if (!publicValue || !publicValue->len ||
++ !ecParams || ecParams->name == ECCurve_noName ||
++ !privateValue || !privateValue->len || !derivedSecret) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+--- nss-3.42.1.orig/nss/lib/freebl/ecl/ecp_25519.c
++++ nss-3.42.1/nss/lib/freebl/ecl/ecp_25519.c
+@@ -114,6 +114,9 @@ ec_Curve25519_pt_mul(SECItem *X, SECItem
+ }
+ px = P->data;
+ }
++ if (k->len != 32) {
++ return SECFailure;
++ }
+
+ SECStatus rv = ec_Curve25519_mul(X->data, k->data, px);
+ if (NSS_SecureMemcmpZero(X->data, X->len) == 0) {
+--- nss-3.42.1.orig/nss/lib/pk11wrap/pk11akey.c
++++ nss-3.42.1/nss/lib/pk11wrap/pk11akey.c
+@@ -190,7 +190,6 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
+ attrs++;
+ PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+ attrs++;
+- signedattr = attrs;
+ PK11_SETATTRS(attrs, CKA_EC_PARAMS,
+ pubKey->u.ec.DEREncodedParams.data,
+ pubKey->u.ec.DEREncodedParams.len);
+@@ -222,12 +221,14 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return CK_INVALID_HANDLE;
+ }
+-
+ templateCount = attrs - theTemplate;
+- signedcount = attrs - signedattr;
+ PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE)));
+- for (attrs = signedattr; signedcount; attrs++, signedcount--) {
+- pk11_SignedToUnsigned(attrs);
++ if (pubKey->keyType != ecKey) {
++ PORT_Assert(signedattr);
++ signedcount = attrs - signedattr;
++ for (attrs = signedattr; signedcount; attrs++, signedcount--) {
++ pk11_SignedToUnsigned(attrs);
++ }
+ }
+ rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
+ templateCount, isToken, &objectID);
+@@ -1074,9 +1075,13 @@ pk11_loadPrivKeyWithFlags(PK11SlotInfo *
+ &cktrue, &ckfalse);
+
+ /* Not everyone can handle zero padded key values, give
+- * them the raw data as unsigned */
+- for (ap = attrs; extra_count; ap++, extra_count--) {
+- pk11_SignedToUnsigned(ap);
++ * them the raw data as unsigned. The exception is EC,
++ * where the values are encoded or zero-preserving
++ * per-RFC5915 */
++ if (privKey->keyType != ecKey) {
++ for (ap = attrs; extra_count; ap++, extra_count--) {
++ pk11_SignedToUnsigned(ap);
++ }
+ }
+
+ /* now Store the puppies */
+--- nss-3.42.1.orig/nss/lib/pk11wrap/pk11cert.c
++++ nss-3.42.1/nss/lib/pk11wrap/pk11cert.c
+@@ -184,7 +184,9 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERT
+ SECKEY_DestroyPublicKey(pubKey);
+ return PR_FALSE;
+ }
+- pk11_SignedToUnsigned(&theTemplate);
++ if (pubKey->keyType != ecKey) {
++ pk11_SignedToUnsigned(&theTemplate);
++ }
+ if (pk11_FindObjectByTemplate(slot, &theTemplate, 1) != CK_INVALID_HANDLE) {
+ SECKEY_DestroyPublicKey(pubKey);
+ return PR_TRUE;
+--- nss-3.42.1.orig/nss/lib/pk11wrap/pk11pk12.c
++++ nss-3.42.1/nss/lib/pk11wrap/pk11pk12.c
+@@ -505,7 +505,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotI
+ }
+ PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+ attrs++;
+- signedattr = attrs;
++ /* No signed attrs for EC */
+ /* curveOID always is a copy of AlgorithmID.parameters. */
+ PK11_SETATTRS(attrs, CKA_EC_PARAMS, lpk->u.ec.curveOID.data,
+ lpk->u.ec.curveOID.len);
+@@ -523,11 +523,12 @@ PK11_ImportAndReturnPrivateKey(PK11SlotI
+ }
+ templateCount = attrs - theTemplate;
+ PORT_Assert(templateCount <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE));
+- PORT_Assert(signedattr != NULL);
+- signedcount = attrs - signedattr;
+-
+- for (ap = signedattr; signedcount; ap++, signedcount--) {
+- pk11_SignedToUnsigned(ap);
++ if (lpk->keyType != ecKey) {
++ PORT_Assert(signedattr);
++ signedcount = attrs - signedattr;
++ for (ap = signedattr; signedcount; ap++, signedcount--) {
++ pk11_SignedToUnsigned(ap);
++ }
+ }
+
+ rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION,
+--- nss-3.42.1.orig/nss/lib/softoken/legacydb/lgattr.c
++++ nss-3.42.1/nss/lib/softoken/legacydb/lgattr.c
+@@ -950,9 +950,9 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPr
+ case CKA_UNWRAP:
+ return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+ case CKA_VALUE:
+- return lg_CopyPrivAttrSigned(attribute, type,
+- key->u.ec.privateValue.data,
+- key->u.ec.privateValue.len, sdbpw);
++ return lg_CopyPrivAttribute(attribute, type,
++ key->u.ec.privateValue.data,
++ key->u.ec.privateValue.len, sdbpw);
+ case CKA_EC_PARAMS:
+ return lg_CopyAttributeSigned(attribute, type,
+ key->u.ec.ecParams.DEREncoding.data,
+--- nss-3.42.1.orig/nss/lib/softoken/pkcs11c.c
++++ nss-3.42.1/nss/lib/softoken/pkcs11c.c
+@@ -7568,7 +7568,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+
+ rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
+ withCofactor, &tmp);
+- PORT_Free(ecScalar.data);
++ PORT_ZFree(ecScalar.data, ecScalar.len);
+ ecScalar.data = NULL;
+ if (privKey != sourceKey->objectInfo) {
+ nsslowkey_DestroyPrivateKey(privKey);
+--- nss-3.42.1.orig/nss/lib/ssl/ssl3con.c
++++ nss-3.42.1/nss/lib/ssl/ssl3con.c
+@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess
+ static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
+ static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
+ PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
++PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
+
+ const PRUint8 ssl_hello_retry_random[] = {
+ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+@@ -4060,6 +4061,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch
+ if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
+ return PR_FALSE;
+ }
++ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
++ return PR_FALSE;
++ }
+ /* With TLS 1.3, EC keys should have been selected based on calling
+ * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
+ return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+@@ -4289,6 +4293,22 @@ ssl_IsSupportedSignatureScheme(SSLSignat
+ return PR_FALSE;
+ }
+ return PR_FALSE;
++}
++
++PRBool
++ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
++{
++ switch (scheme) {
++ case ssl_sig_rsa_pkcs1_sha256:
++ case ssl_sig_rsa_pkcs1_sha384:
++ case ssl_sig_rsa_pkcs1_sha512:
++ case ssl_sig_rsa_pkcs1_sha1:
++ return PR_TRUE;
++
++ default:
++ return PR_FALSE;
++ }
++ return PR_FALSE;
+ }
+
+ PRBool
+--- nss-3.42.1.orig/nss/lib/util/quickder.c
++++ nss-3.42.1/nss/lib/util/quickder.c
+@@ -757,6 +757,13 @@ DecodeItem(void* dest,
+ }
+
+ case SEC_ASN1_BIT_STRING: {
++ /* Can't be 8 or more spare bits, or any spare bits
++ * if there are no octets. */
++ if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) {
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ rv = SECFailure;
++ break;
++ }
+ /* change the length in the SECItem to be the number
+ of bits */
+ temp.len = (temp.len - 1) * 8 - (temp.data[0] & 0x7);
diff -Nru nss-3.42.1/debian/patches/series nss-3.42.1/debian/patches/series
--- nss-3.42.1/debian/patches/series 2018-06-25 00:24:52.000000000 +0200
+++ nss-3.42.1/debian/patches/series 2019-08-23 00:03:22.000000000 +0200
@@ -2,3 +2,4 @@
80_security_tools.patch
85_security_load.patch
38_hppa.patch
+CVE-2019-11719_CVE-2019-11727_CVE-2019-11729.patch
--- End Message ---