[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

On Friday 25 March 2016 13.13.57 Antoine Beaupré wrote:
> I don't know if Luciano did, but I looked at the patch and they are
> okay, insofar as they match the upstream ones.

Oh.. geez. This fall out of my table. Sorry.

Two small comments, we usually use urgency=high (yes, even when I'm answering 
to this after two months) and the -security is missed in the 
2:3.17.2-1.1+deb8u3 changelog.

I'm all for Antoine suggestion about fixing the pending issues in the same 

CVE-2016-1938 looks, from the upstream patch, easy to fix also. I'm not sure 
if CVE-2015-7575 affects the stable version of nss. With these, all the 
pending issues affecting nss would be solved.

Thanks for your help and sorry again, luciano

Reply to: