Bug#824872: jessie-pu: package nspr/2:4.12-2+deb8u1
Control: tag -1 moreinfo
On Fri, May 20, 2016 at 18:32:41 +0200, Guido Günther wrote:
> Hi,
> as put out in more detail in
>
> https://lists.debian.org/debian-release/2016/02/msg00753.html
>
> we discussed in the LTS and security team the possibility to use the
> same NSS and NSPR upstream version in all suites to be able to handle
> things like CVE-2014-3566 and CVE-2015-4000 in a consistent manner.
>
> I'd like to propose this here again via a bug report so we have easier
> means of tracking/tagging. Would it be o.k. with the release team to update
> nss/nspr to the versions currently in sid/testing and continue to do so
> from here on. If it works out for jessie we'll do the same in LTS via
> wheezy-security.
> In order to increase confidence in the backports I've enabled the
> internal testsuites in nspr and nss.
>
> If this is o.k. I'm happy to attach debdiffs and provide a matching bug
> for nss as well.
>
Hi Guido,
I'd want to see debdiffs first. And have some description of what the
regression testing looks like, both of the upstream releases and of the
debian packages.
Cheers,
Julien
Reply to: