PublicDateAtUSN: 2016-11-16
Candidate: CVE-2016-5285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285
https://usn.ubuntu.com/usn/usn-3163-1
A NULL pointer dereference flaw was found in the way NSS handled
invalid Diffie-Hellman keys. A remote client could use this flaw to
crash a TLS/SSL server using NSS.
mdeslaur> per upstream bug, this was fixed in 3.25, but patch for 3.21
mdeslaur> fixes it differently.
https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
upstream: https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
upstream_nss: released (3.25)
precise_nss: released (2:3.26.2-0ubuntu0.12.04.1)
precise/esm_nss: released (2:3.26.2-0ubuntu0.12.04.1)
trusty_nss: released (2:3.26.2-0ubuntu0.14.04.3)
vivid/stable-phone-overlay_nss: ignored (reached end-of-life)
vivid/ubuntu-core_nss: DNE
xenial_nss: released (2:3.26.2-0ubuntu0.16.04.2)
yakkety_nss: not-affected (2:3.26-1ubuntu1)
zesty_nss: not-affected (2:3.26-1ubuntu1)
devel_nss: not-affected (2:3.26-1ubuntu1)