On 10/25/24 14:32, Santiago Ruano Rincón wrote:
I am not subscribed to dev-tech-crypto, and I don't have access to
https://bugzilla.mozilla.org/show_bug.cgi?id=1905691. Even if the bug
reference found at
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7531
matches the data from
https://hg.mozilla.org/projects/nss/rev/525c5044cc9e53f5015c697b04b1405df91003ac,
I would feel more comfortable if upstream confirmed that the commit ^ above
fixes the vulnerability. Arturo, could you please ask upstream to confirm
that reference is correct?
Hi,
they have confirmed this.
See:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/h3Q2S0n2vTg/m/DBunGcshAwAJ
regards.
