[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of nss?

On Mon, Nov 21, 2016 at 11:26:29PM +0100, Ola Lundqvist wrote:
> On 21 November 2016 at 23:23, Mike Hommey <mh@glandium.org> wrote:
> 
> > You probably want the security team here, they take care of NSS in
> > jessie.
> >
> > On Mon, Nov 21, 2016 at 10:31:35PM +0100, Ola Lundqvist wrote:
> > > Hello dear maintainer(s),
> > >
> > > The Debian LTS team would like to fix the security issues which are
> > > currently open in the Wheezy version of nss:
> > > https://security-tracker.debian.org/tracker/CVE-2016-8635

I think this one is fixed with th import of 2:3.25-1 in unstable, and
thus contained in all suites already. The issue was fixed in 3.21.3,
but for Debian the changes for "validating dh_Ys against the group
prime" via ssl_IsValidDHEShare went into 2:3.25-1.

Mike ist that correct?

Regards,
Salvatore
Reply to: