Version in base suite: 3.110-1+deb13u1 Version in overlay suite: 3.110-1+deb13u2 Base version: nss_3.110-1+deb13u2 Target version: nss_3.110-1+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/nss/nss_3.110-1+deb13u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/nss/nss_3.110-1+deb13u3.dsc changelog | 8 ++++++++ patches/CVE-2026-12318.patch | 36 ++++++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 45 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp2jay50cn/nss_3.110-1+deb13u2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp2jay50cn/nss_3.110-1+deb13u3.dsc: no acceptable signature found
diff -Nru nss-3.110/debian/changelog nss-3.110/debian/changelog
--- nss-3.110/debian/changelog 2026-05-17 16:37:16.000000000 +0000
+++ nss-3.110/debian/changelog 2026-06-30 18:22:51.000000000 +0000
@@ -1,3 +1,11 @@
+nss (2:3.110-1+deb13u3) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * improve handling of escape sequences in pk11uri_ParseAttributes
+ (CVE-2026-12318)
+
+ -- Salvatore Bonaccorso Tue, 30 Jun 2026 20:22:51 +0200
+
 nss (2:3.110-1+deb13u2) trixie-security; urgency=medium
 
 * CVE-2026-6766
diff -Nru nss-3.110/debian/patches/CVE-2026-12318.patch nss-3.110/debian/patches/CVE-2026-12318.patch
--- nss-3.110/debian/patches/CVE-2026-12318.patch 1970-01-01 00:00:00.000000000 +0000
+++ nss-3.110/debian/patches/CVE-2026-12318.patch 2026-06-30 18:22:01.000000000 +0000
@@ -0,0 +1,36 @@
+
+# HG changeset patch
+# User John Schanck
+# Date 1776891142 0
+# Node ID bd0c42028c8eae5b9cbdb4f5b0ee59bc07cba2de
+# Parent 98ae9f70d97a87957a997af8ac9110836a5dd094
+Bug 2023478 - improve handling of escape sequences in pk11uri_ParseAttributes. r=nss-reviewers,keeler
+
+Differential Revision: https://phabricator.services.mozilla.com/D295642
+
+diff --git a/nss/lib/util/pkcs11uri.c b/nss/lib/util/pkcs11uri.c
+--- a/nss/lib/util/pkcs11uri.c
++++ b/nss/lib/util/pkcs11uri.c
+@@ -619,19 +619,19 @@ pk11uri_ParseAttributes(const char **str
+ if (strchr(stop_chars, *p) != NULL) {
+ break;
+ }
+ if (strchr(accept_chars, *p) != NULL) {
+ continue;
+ }
+ if (*p == '%') {
+ const char ch2 = *++p;
+- if (strchr(PK11URI_HEXDIG, ch2) != NULL) {
++ if (ch2 != '\0' && strchr(PK11URI_HEXDIG, ch2) != NULL) {
+ const char ch3 = *++p;
+- if (strchr(PK11URI_HEXDIG, ch3) != NULL)
++ if (ch3 != '\0' && strchr(PK11URI_HEXDIG, ch3) != NULL)
+ continue;
+ }
+ }
+
+ return SECFailure;
+ }
+ value_end = p;
+
+
diff -Nru nss-3.110/debian/patches/series nss-3.110/debian/patches/series
--- nss-3.110/debian/patches/series 2026-05-17 16:36:57.000000000 +0000
+++ nss-3.110/debian/patches/series 2026-06-30 18:21:02.000000000 +0000
@@ -4,3 +4,4 @@
 CVE-2026-6766.patch
 CVE-2026-6767.patch
 CVE-2026-6772.patch
+CVE-2026-12318.patch
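Review bot: The two `!= '\0'` guards added in the `%` branch of the pkcs11uri.c patch rely on a property of `strchr` that the code does not state: it also matches the terminating NUL of `PK11URI_HEXDIG`, so without the guards a value ending in a bare `%` or in `%` plus one hex digit would pass the hex test while `p` is advanced past the end of the input. A one-line comment above the first guard, such as `/* strchr() matches the terminating NUL too; reject a truncated %XX escape here */`, would keep a later cleanup from dropping the checks as redundant. The patch as carried in this upload shows no regression case for an attribute value that ends inside an escape sequence, so it is worth confirming that one exists upstream or adding one. pk11uri_ParseAttributes begins and ends outside the hunk, so the loop condition and the later decoding of the accepted escapes could not be checked from here.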