CVE-2024-7531/nss for debian/bullseye LTS

Sat, 12 Oct 2024 04:27:14 -0700 

Hi there,
this email is to propose we mark the nss package in debian bullseye as not affected by CVE-2024-7531 [0]. 


The upstream patch is clearly identified [1], but debian/bullseye [2] just 
doesn't contain the affected code.


We did a similar thing for debian/{jessie,stretch,buster} already [3].

Please let me know.

regards.

[0] https://deb.freexian.com/extended-lts/tracker/CVE-2024-7531
[1] 
https://hg.mozilla.org/projects/nss/rev/525c5044cc9e53f5015c697b04b1405df91003ac

[2] 
https://salsa.debian.org/lts-team/packages/nss/-/blob/debian/bullseye/nss/lib/freebl/chacha20poly1305.c 

[3] 
https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/commit/63a2644df9b5a350d6976c5ba571a535c931fd14
























					Reply via email to