Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

as put out in more detail in https://lists.debian.org/debian-release/2016/02/msg00753.html we discussed in the LTS and security team the possibility to use the same NSS and NSPR upstream version in all suites to be able to handle things like CVE-2014-3566 and CVE-2015-4000 in a consistent manner.

I'd like to propose this here again via a bug report so we have easier means of tracking/tagging. Would it be o.k. with the release team to update nss/nspr to the versions currently in sid/testing and continue to do so from here on? If it works out for jessie we'll do the same in LTS via wheezy-security.

In order to increase confidence in the backports I've enabled the internal testsuites in nspr and nss.

If this is o.k. I'm happy to attach debdiffs and provide a matching bug for nss as well.

Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)