Version in base suite: 3.110-1 Base version: nss_3.110-1 Target version: nss_3.110-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/nss/nss_3.110-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/nss/nss_3.110-1+deb13u1.dsc changelog | 6 ++++++ patches/CVE-2026-2781.patch | 20 ++++++++++++++++++++ patches/series | 1 + 3 files changed, 27 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpuooxmoj8/nss_3.110-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpuooxmoj8/nss_3.110-1+deb13u1.dsc: no acceptable signature found diff -Nru nss-3.110/debian/changelog nss-3.110/debian/changelog --- nss-3.110/debian/changelog 2025-04-01 23:39:10.000000000 +0000 +++ nss-3.110/debian/changelog 2026-02-25 19:47:21.000000000 +0000 @@ -1,3 +1,9 @@ +nss (2:3.110-1+deb13u1) trixie-security; urgency=medium + + * CVE-2026-2781 + + -- Moritz Mühlenhoff Wed, 25 Feb 2026 20:47:21 +0100 + nss (2:3.110-1) unstable; urgency=medium * New upstream release. diff -Nru nss-3.110/debian/patches/CVE-2026-2781.patch nss-3.110/debian/patches/CVE-2026-2781.patch --- nss-3.110/debian/patches/CVE-2026-2781.patch 1970-01-01 00:00:00.000000000 +0000 +++ nss-3.110/debian/patches/CVE-2026-2781.patch 2026-02-25 19:47:15.000000000 +0000 
@@ -0,0 +1,20 @@ +# HG changeset patch +# User John Schanck +# Date 1770830509 0 +# Node ID 245385e16fa62111d6e3c3fbd847b020755f64f0 +# Parent 76e6887ecc1a5410233ad9c5f4cadae4e298a37b +Bug 2009552 - avoid integer overflow in platform-independent ghash. r=nss-reviewers,nkulatova + +Differential Revision: https://phabricator.services.mozilla.com/D278681 + +--- nss-3.110.orig/nss/lib/freebl/gcm.c ++++ nss-3.110/nss/lib/freebl/gcm.c +@@ -357,7 +357,7 @@ gcmHash_Update(gcmHashContext *ghash, co + unsigned int blocks; + SECStatus rv; + +- ghash->cLen += (len * PR_BITS_PER_BYTE); ++ ghash->cLen += ((uint64_t)len * PR_BITS_PER_BYTE); + + /* first deal with the current buffer of data. Try to fill it out so + * we can hash it */ diff -Nru nss-3.110/debian/patches/series nss-3.110/debian/patches/series --- nss-3.110/debian/patches/series 2024-10-01 22:00:32.000000000 +0000 +++ nss-3.110/debian/patches/series 2026-02-25 19:47:00.000000000 +0000 @@ -1,2 +1,3 @@ 38_hurd.patch 80_security_tools.patch +CVE-2026-2781.patch
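Review bot: The new debian/changelog entry names only `CVE-2026-2781`, with no description of the defect or of the patch that fixes it. Suggest adding the summary from the patch header ("avoid integer overflow in platform-independent ghash") and the patch file name, debian/patches/CVE-2026-2781.patch, so the entry can be understood without opening the patch.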
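Review bot: In the gcm.c hunk, the widening in gcmHash_Update (`(uint64_t)len * PR_BITS_PER_BYTE`) only removes the wrap if `ghash->cLen` is itself a 64-bit field, and neither its declaration nor the type of `len` is visible in the context lines (the function signature is cut off in the hunk header). Please confirm both against the gcmHashContext declaration before accepting. The commit message scopes the fix to the platform-independent ghash, so it is also worth checking whether any other length accumulation in the same file multiplies by PR_BITS_PER_BYTE without widening first. The patch adds no test; a case that passes a length whose bit count does not fit in 32 bits and checks the accumulated value would keep this from regressing.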