Wheezy update of nss?
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 22 06:10:02 UTC 2016
On Mon, Nov 21, 2016 at 11:26:29PM +0100, Ola Lundqvist wrote:
> On 21 November 2016 at 23:23, Mike Hommey <mh at glandium.org> wrote:
>
> > You probably want the security team here, they take care of NSS in
> > jessie.
> >
> > On Mon, Nov 21, 2016 at 10:31:35PM +0100, Ola Lundqvist wrote:
> > > Hello dear maintainer(s),
> > >
> > > The Debian LTS team would like to fix the security issues which are
> > > currently open in the Wheezy version of nss:
> > > https://security-tracker.debian.org/tracker/CVE-2016-8635
I think this one is fixed with th import of 2:3.25-1 in unstable, and
thus contained in all suites already. The issue was fixed in 3.21.3,
but for Debian the changes for "validating dh_Ys against the group
prime" via ssl_IsValidDHEShare went into 2:3.25-1.
Mike ist that correct?
Regards,
Salvatore
More information about the pkg-mozilla-maintainers
mailing list