Re: nss 3.26.2 in jessie?

To: Antoine Beaupré <anarcat@orangeseeds.org>
Cc: team@security.debian.org, debian-lts@lists.debian.org
Subject: Re: nss 3.26.2 in jessie?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 22 Dec 2016 11:08:50 +0100
Message-id: <[🔎] 20161222100850.GA4265@inutil.org>
In-reply-to: <[🔎] 87a8boor3h.fsf@angela.anarc.at>
References: <[🔎] 87a8boor3h.fsf@angela.anarc.at>

On Wed, Dec 21, 2016 at 05:27:30PM -0500, Antoine Beaupré wrote:
> Hi,
> 
> We (the LTS team, but mainly me and buxy) are working on an update to
> the NSS package for wheezy, and we just packaged the upstream 3.26.2
> release since it was a minimal diff that was easy to review.
> 
> We can't really update with a 3.26.2 version without making sure jessie
> follows suite as well.
> 
> Can I upload that package to 3.26.2? For now it looks like this:

The only issue open in jessie is CVE-2016-9074, which doesn't really
warrant a DSA on it's own. We can reconsider a DSA if further nss
vulnerabilities appear.

For LTS you could simply base on 2:3.26-1+debu8u1 and cherrypick
the patch for CVE-2016-9074 on top.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: nss 3.26.2 in jessie?
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- nss 3.26.2 in jessie?
  - From: anarcat@orangeseeds.org (Antoine Beaupré)

Prev by Date: nss package ready for testing
Next by Date: Re: nss 3.26.2 in jessie?
Previous by thread: nss 3.26.2 in jessie?
Next by thread: Re: nss 3.26.2 in jessie?
Index(es):
- Date
- Thread