Hi, On 10/23/24 23:48, Santiago Ruano Rincón wrote:
I added the reference to the commit that introduced the vulnerability after you committed it to the elts security tracker.
I have no recollection of this. In any case, upstream confirmed [0] the vulnerability was introduced in nss 3.72. So CVE-2024-7531/nss does not affect debian bullseye LTS. regards.[0] https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/h3Q2S0n2vTg/m/abQtMoYYAgAJ
