#1001048 vfychain: segmentation fault when trying to verify signatures signed with large keys #1001048
- Package:
- libnss3-tools
- Source:
- nss
- Description:
- Network Security Service tools
- Submitter:
- "David Eccles (gringer)"
- Date:
- 2021-12-03 05:27:03 UTC
- Severity:
- important
Dear Maintainer, I've recently noticed a bug in nss that was reported on Google Project Zero: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html The reporter's claim is as follows: I have tried out their example code on my Debian system, and it results in the reported Segmentation fault. This is interesting, given that the stated fixed version is NSS 3.73.0, and Debian is reporting that 3.73-1 is installed.
My mistake, sorry. I've noticed after looking at the package versions that libnss3 is v2:3.68-1, which is not the same as the libnss3-tools version [i.e. 3.73-1].