Re: [dev-tech-crypto] about CVE-2024-6609 for nss 3.61 in Debian Bullseye

2024-09-30 Thread 'John Schanck' via dev-tech-crypto@mozilla.org
Hi Arturo, the note is correct. Here's the patch: diff --git lib/freebl/ec.c lib/freebl/ec.c --- lib/freebl/ec.c +++ lib/freebl/ec.c @@ -297,6 +297,10 @@ done: cleanup: mp_clear(&k); +if (err < MP_OKAY) { +MP_TO_SEC_ERROR(err); +rv = SECFailure; +} if (rv) {
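Review bot: The added `if (err < MP_OKAY)` check in the `cleanup:` path depends on `err` holding a defined value on every route that reaches `cleanup:`, and the declaration of `err` is not visible in this hunk. For the 3.61 backport, please confirm that `err` is initialized to `MP_OKAY` where it is declared, so that an early jump to `cleanup:` cannot trip the new check on an uninitialized value. A one-line comment above the check, noting that it converts an mp error into `rv = SECFailure` before the existing `if (rv) {` handling runs, would also help anyone carrying this to other branches.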

[dev-tech-crypto] about CVE-2024-6609 for nss 3.61 in Debian Bullseye

2024-09-25 Thread Arturo Borrero Gonzalez
Hi there,

I'm interested in having a patch for CVE-2024-6609 available for the nss version we have in Debian Bullseye (nss 3.61).

We have a note [0] that mentions this:

=== 8< ===
To address CVE in older versions of src:nss what is needed is to add the error handling code (confirmed by upstrea