Wheezy update of nss?

Mike Hommey mh at glandium.org
Tue Nov 22 06:50:44 UTC 2016


On Tue, Nov 22, 2016 at 07:10:02AM +0100, Salvatore Bonaccorso wrote:
> On Mon, Nov 21, 2016 at 11:26:29PM +0100, Ola Lundqvist wrote:
> > On 21 November 2016 at 23:23, Mike Hommey <mh at glandium.org> wrote:
> > 
> > > You probably want the security team here, they take care of NSS in
> > > jessie.
> > >
> > > On Mon, Nov 21, 2016 at 10:31:35PM +0100, Ola Lundqvist wrote:
> > > > Hello dear maintainer(s),
> > > >
> > > > The Debian LTS team would like to fix the security issues which are
> > > > currently open in the Wheezy version of nss:
> > > > https://security-tracker.debian.org/tracker/CVE-2016-8635
> 
> I think this one is fixed with th import of 2:3.25-1 in unstable, and
> thus contained in all suites already. The issue was fixed in 3.21.3,
> but for Debian the changes for "validating dh_Ys against the group
> prime" via ssl_IsValidDHEShare went into 2:3.25-1.
> 
> Mike ist that correct?

I can only presume, I don't have access to the corresponding upstream bug.

Mike



More information about the pkg-mozilla-maintainers mailing list