Bug#824872: jessie-pu: package nspr/2:4.12-2+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
as put out in more detail in
https://lists.debian.org/debian-release/2016/02/msg00753.html
we discussed in the LTS and security team the possibility to use the
same NSS and NSPR upstream version in all suites to be able to handle
things like CVE-2014-3566 and CVE-2015-4000 in a consistent manner.
I'd like to propose this here again via a bug report so we have easier
means of tracking/tagging. Would it be o.k. with the release team to update
nss/nspr to the versions currently in sid/testing and continue to do so
from here on. If it works out for jessie we'll do the same in LTS via
wheezy-security.
In order to increase confidence in the backports I've enabled the
internal testsuites in nspr and nss.
If this is o.k. I'm happy to attach debdiffs and provide a matching bug
for nss as well.
Cheers,
-- Guido
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: