Hi there, I'm interesting in having a patch for CVE-2024-7531 available for the nss version we have in Debian Bullseye (nss 3.61).
We have some information [0] about the code that introduced the vulnerability [1] and the patch that fixes it [2], but the patch does not apply cleanly to the code in 3.61, and I would kindly ask if you can double check it, and provide a patch that applies directly to that branch. Please, let me know if you can help with this. thanks, regards. [0] https://deb.freexian.com/extended-lts/tracker/CVE-2024-7531 [1] https://hg.mozilla.org/projects/nss/rev/d5deac55f54350d60fd6ae69899ac399fdfcfc72 [2] https://hg.mozilla.org/projects/nss/rev/525c5044cc9e53f5015c697b04b1405df91003ac -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/10f28996-666b-4b16-bae0-1acf2daa4c15n%40mozilla.org.
