Bug#699888: new nss packages fixing cve-2013-1620

Mike Hommey mh at glandium.org
Tue Mar 19 05:45:54 UTC 2013


On Mon, Mar 18, 2013 at 11:22:56AM -0400, Daniel Kahn Gillmor wrote:
> On 03/16/2013 05:35 PM, Mike Hommey wrote:
> > Likewise, I'd rather know what we do wrt md5, and while at it, cacert
> > (the cert of which uses a md5 signature at the moment, so it effectively
> > doesn't work ; see bug 682470) before uploading, so as to avoid doing
> > two uploads.
> 
> the choice of signature digest for the root CA certificate shouldn't be
> relevant -- it should only be relevant for intermediate CA certificates
> and end entity certificates.  if NSS is requiring certain digest
> algorithms on the root CA certs, that's probably a bug.
> 
> Mike, can you clarify whether that's the case?

It's not.

Mike



More information about the pkg-mozilla-maintainers mailing list