Hi Arturo, NSS 3.61 is not affected. The bug was introduced in 3.72. Cheers, John
On Wed, Oct 23, 2024 at 4:01 AM Arturo Borrero Gonzalez <arturo.borrero.g...@gmail.com> wrote: > > Hi there, > > I'm interesting in having a patch for CVE-2024-7531 available for the nss > version we have in Debian Bullseye (nss 3.61). > > We have some information [0] about the code that introduced the vulnerability > [1] and the patch that fixes it [2], but the patch does not apply cleanly to > the code in 3.61, and I would kindly ask if you can double check it, and > provide a patch that applies directly to that branch. > > Please, let me know if you can help with this. > > thanks, regards. > > [0] https://deb.freexian.com/extended-lts/tracker/CVE-2024-7531 > [1] > https://hg.mozilla.org/projects/nss/rev/d5deac55f54350d60fd6ae69899ac399fdfcfc72 > [2] > https://hg.mozilla.org/projects/nss/rev/525c5044cc9e53f5015c697b04b1405df91003ac > > -- > You received this message because you are subscribed to the Google Groups > "dev-tech-crypto@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-tech-crypto+unsubscr...@mozilla.org. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/10f28996-666b-4b16-bae0-1acf2daa4c15n%40mozilla.org. -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAFgAd7Es6Cq-YW2fz%3D7DZi1xgg3vCaNJ-Vq9GjPzGSY%3Dk25OtQ%40mail.gmail.com.
