Re: Wheezy update of nss?
On Mon, Nov 21, 2016 at 11:26:29PM +0100, Ola Lundqvist wrote:
> On 21 November 2016 at 23:23, Mike Hommey <email@example.com> wrote:
> > You probably want the security team here, they take care of NSS in
> > jessie.
> > On Mon, Nov 21, 2016 at 10:31:35PM +0100, Ola Lundqvist wrote:
> > > Hello dear maintainer(s),
> > >
> > > The Debian LTS team would like to fix the security issues which are
> > > currently open in the Wheezy version of nss:
> > > https://security-tracker.debian.org/tracker/CVE-2016-8635
I think this one is fixed with th import of 2:3.25-1 in unstable, and
thus contained in all suites already. The issue was fixed in 3.21.3,
but for Debian the changes for "validating dh_Ys against the group
prime" via ssl_IsValidDHEShare went into 2:3.25-1.
Mike ist that correct?