Hi there, I'm interested in having a patch for CVE-2024-6609 available for the nss version we have in Debian Bullseye (nss 3.61).
We have a note [0] that mentions this: === 8< === To address CVE in older versions of src:nss what is needed is to add the error handling code (confirmed by upstream): https://searchfox.org/nss/rev/ba9330537e6e94971de8b9bc49460891b23afd4f/lib/freebl/ec.c#379-382 to the ec_NewKey function, in the cleanup section, after mp_clear and before `if (rv)`. === 8< === I was hoping that you could provide this patch yourself, because I don't think just a copy/paste (like the note seems to suggest), would be enough. Please, let me know if you can help with this. thanks, regards. [0] https://security-tracker.debian.org/tracker/CVE-2024-6609 -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/66071e21-a687-49f2-a709-5244a06438b6n%40mozilla.org.
