CVE-2019-11727

Note

only an issue with TLSv1.3. Releases before Bionic have no
TLSv1.3 support. Bionic shipped with an incompatible TLSv1.3
draft, so likely not used.

Package	Release	Status
mozjs52 Launchpad, Ubuntu, Debian	groovy	Ignored (end of life)
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	hirsute	Does not exist
	impish	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
firefox Launchpad, Ubuntu, Debian	jammy	Released (68.0+build3-0ubuntu1)
	kinetic	Released (68.0+build3-0ubuntu1)
	lunar	Released (68.0+build3-0ubuntu1)
	bionic	Released (68.0+build3-0ubuntu0.18.04.1)
	cosmic	Released (68.0+build3-0ubuntu0.18.10.1)
	disco	Released (68.0+build3-0ubuntu0.19.04.1)
	eoan	Released (68.0+build3-0ubuntu1)
	focal	Released (68.0+build3-0ubuntu1)
	groovy	Released (68.0+build3-0ubuntu1)
	hirsute	Released (68.0+build3-0ubuntu1)
	impish	Released (68.0+build3-0ubuntu1)
	trusty	Does not exist
	upstream	Released (68)
	xenial	Released (68.0+build3-0ubuntu0.16.04.1)
	mantic	Released (68.0+build3-0ubuntu1)
mozjs38 Launchpad, Ubuntu, Debian	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	bionic	Needs triage
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
mozjs60 Launchpad, Ubuntu, Debian	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	bionic	Does not exist
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
nss Launchpad, Ubuntu, Debian	jammy	Released (2:3.45-1ubuntu1)
	kinetic	Released (2:3.45-1ubuntu1)
	lunar	Released (2:3.45-1ubuntu1)
	bionic	Not vulnerable (code not present)
	cosmic	Ignored (end of life)
	disco	Released (2:3.42-1ubuntu2.1)
	eoan	Released (2:3.45-1ubuntu1)
	focal	Released (2:3.45-1ubuntu1)
	groovy	Released (2:3.45-1ubuntu1)
	hirsute	Released (2:3.45-1ubuntu1)
	impish	Released (2:3.45-1ubuntu1)
	trusty	Not vulnerable (code not present)
	upstream	Released (2:3.45-1)
	xenial	Not vulnerable (code not present)
	mantic	Released (2:3.45-1ubuntu1)
	Patches: upstream: https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
thunderbird Launchpad, Ubuntu, Debian	jammy	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	bionic	Not vulnerable (1:68.4.1+build1-0ubuntu0.18.04.1)
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Not vulnerable (1:68.4.1+build1-0ubuntu0.19.10.1)
	focal	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	groovy	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	hirsute	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	impish	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	kinetic	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	lunar	Not vulnerable (1:68.5.0+build1-0ubuntu1)
	upstream	Needed
	xenial	Released (1:68.7.0+build1-0ubuntu0.16.04.2)
	mantic	Not vulnerable (1:68.5.0+build1-0ubuntu1)

Parameter	Value
Base score	5.3
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Security

CVE-2019-11727

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading