Bug#699888: new nss packages fixing cve-2013-1620

Yves-Alexis Perez corsac at debian.org
Fri Mar 15 14:33:05 UTC 2013

On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote:
> Hi,
> I've prepared new nss packages fixing the "lucky 13" issue:
> http://people.debian.org/~mgilbert
> For the mozilla team, this is a new upstream, so would you be ok with
> it uploaded as an nmu, or would you like to upload?

It seems the BTS never received your mail, not sure why (at least it
doesn't appear on the BTS web interface). So I'm not sure mozilla people
received it either. Hopefully this mail will reach them.
> For the security team, these fixes are so large that I think a
> backport is likely impossible.  Should (can) we attempt to convince
> the release team to jump from 3.13.6 to 3.14.3 in testing, or is that
> crazy at this point in the freeze?  If not, then what?

Well, starting by asking them their pov might be a good idea. And what
about Squeeze?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20130315/52c576d2/attachment-0001.pgp>

More information about the pkg-mozilla-maintainers mailing list