Hi, sorry for the late follow up.
On 10/16/24 00:38, Santiago Ruano Rincón wrote:
Again, you can also ask upstream. They are in a better position to tell
you if the vulnerability is present in 3.61 or not.
For the record, I have just now sent an email to upstream:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/h3Q2S0n2vTg/m/-moy2IT7AQAJ
So, I wonder if the commit introducing the vulnerability has been
incorrectly identified?
Where does that reference (the introducing commit) come from?
I have no idea, I haven't investigated that bit.
regards.
