Version in base suite: 3.87.1-1+deb12u1 Base version: nss_3.87.1-1+deb12u1 Target version: nss_3.87.1-1+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/nss/nss_3.87.1-1+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/nss/nss_3.87.1-1+deb12u2.dsc changelog | 6 ++++++ patches/CVE-2026-2781.patch | 21 +++++++++++++++++++++ patches/series | 1 + 3 files changed, 28 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp1ssr5n2w/nss_3.87.1-1+deb12u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp1ssr5n2w/nss_3.87.1-1+deb12u2.dsc: no acceptable signature found diff -Nru nss-3.87.1/debian/changelog nss-3.87.1/debian/changelog --- nss-3.87.1/debian/changelog 2024-10-10 19:51:11.000000000 +0000 +++ nss-3.87.1/debian/changelog 2026-02-25 21:41:48.000000000 +0000 @@ -1,3 +1,9 @@ +nss (2:3.87.1-1+deb12u2) bookworm-security; urgency=medium + + * CVE-2026-2781 + + -- Moritz Mühlenhoff Wed, 25 Feb 2026 22:41:48 +0100 + nss (2:3.87.1-1+deb12u1) bookworm-security; urgency=medium * nss: fix CVE-2024-6602, CVE-2024-6609 and CVE-2024-0743 diff -Nru nss-3.87.1/debian/patches/CVE-2026-2781.patch nss-3.87.1/debian/patches/CVE-2026-2781.patch --- nss-3.87.1/debian/patches/CVE-2026-2781.patch 1970-01-01 00:00:00.000000000 +0000 +++ nss-3.87.1/debian/patches/CVE-2026-2781.patch 2026-02-25 21:41:39.000000000 +0000 
@@ -0,0 +1,21 @@ + +# HG changeset patch +# User John Schanck +# Date 1770830509 0 +# Node ID 245385e16fa62111d6e3c3fbd847b020755f64f0 +# Parent 76e6887ecc1a5410233ad9c5f4cadae4e298a37b +Bug 2009552 - avoid integer overflow in platform-independent ghash. r=nss-reviewers,nkulatova + +Differential Revision: https://phabricator.services.mozilla.com/D278681 + +--- nss-3.87.1.orig/nss/lib/freebl/gcm.c ++++ nss-3.87.1/nss/lib/freebl/gcm.c +@@ -353,7 +353,7 @@ gcmHash_Update(gcmHashContext *ghash, co + unsigned int blocks; + SECStatus rv; + +- ghash->cLen += (len * PR_BITS_PER_BYTE); ++ ghash->cLen += ((uint64_t)len * PR_BITS_PER_BYTE); + + /* first deal with the current buffer of data. Try to fill it out so + * we can hash it */ diff -Nru nss-3.87.1/debian/patches/series nss-3.87.1/debian/patches/series --- nss-3.87.1/debian/patches/series 2024-10-10 19:51:11.000000000 +0000 +++ nss-3.87.1/debian/patches/series 2026-02-25 21:41:26.000000000 +0000 @@ -4,3 +4,4 @@ CVE-2024-0743.patch CVE-2024-6602.patch CVE-2024-6609.patch +CVE-2026-2781.patch
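Review bot: The new debian/changelog entry for 2:3.87.1-1+deb12u2 carries only the bare line `* CVE-2026-2781`, which does not say what was fixed or where. Suggest wording taken from the upstream commit message in the shipped patch, for example `* Avoid integer overflow in platform-independent ghash (CVE-2026-2781)`, so that the changelog alone tells an administrator which component (the GCM code in freebl) the update touches.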
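Review bot: In the gcm.c hunk of debian/patches/CVE-2026-2781.patch, the cast on `ghash->cLen += ((uint64_t)len * PR_BITS_PER_BYTE);` only removes the overflow if `cLen` is itself a 64-bit field, and neither its declaration nor the type of `len` is visible here (the hunk header is cut off at `gcmHashContext *ghash, co`). Since this is a backport of an upstream changeset onto 3.87.1, confirm both types in this tree before relying on the one-line change: if `cLen` were narrower, the sum would still wrap after the multiplication was widened. The patch adds no test, so a regression check that feeds gcmHash_Update a length whose bit count does not fit in the type of `len` and verifies the accumulated `cLen` would be worth carrying alongside it. As a style point, the patch file begins with an empty line ahead of `# HG changeset patch` and has the Mercurial node ID and Differential Revision URL but no explicit origin field; adding one would make the upstream source of the backport easier to trace from the Debian side.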