Hi Arturo, we don't plan on backporting any of the patches for CVE-2023-6135 to the NSS 3.90 branch at this time. The patches you linked to are, unfortunately, not sufficient to fix the issue. Short of copying the entire lib/freebl/ecl directory from NSS 3.101 (along with its dependencies in lib/freebl/verified, and the build system changes), I don't see a straightforward way to fix the 3.90 branch, much less 3.42.
Best, John On Tue, Jun 25, 2024 at 3:43 AM Arturo Borrero Gonzalez <arturo.borrero.g...@gmail.com> wrote: > > On 6/24/24 18:25, Dana Keeler wrote: > > To save others from potential confusion, the CVE in question is > > CVE-2023-6135, > > not 6125. > > > > Correct, there was a typo on my side. > > -- > You received this message because you are subscribed to the Google Groups > "dev-tech-crypto@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-tech-crypto+unsubscr...@mozilla.org. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/e5661ab0-e0f0-42da-9827-a394e4bdb633%40gmail.com. -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAFgAd7FGLiCa06pqNt%3DsEmF-L2DZ_-4bkEc4D5Cwiw3P1O97eQ%40mail.gmail.com.
