On Mon, May 25, 2015 at 11:21:26AM -0700, Andrew Ayer wrote: > On Wed, 20 May 2015 06:39:06 +0000 > ow...@bugs.debian.org (Debian Bug Tracking System) wrote: > > > On Wed, May 20, 2015 at 05:58:55PM +1200, VeNoMouS wrote: > > > > > > > > > Seriously, how long do we have to wait on this to be fixed... > > > > It *is* fixed, but somehow the BTS doesn't show it in the graph. > > > > Now it's up to the security team as to what to do for jessie. > > Mike, thanks for uploading the new nss to unstable. > > Security team, are you planning a DSA for Jessie to fix this issue, or > should it go through the upcoming stable point release? (Note that > the queue for the point release will be frozen this upcoming weekend.) > > In either case, I wanted to help, so I've taken the upstream patch[1], > which is quite minimal and cleanly applies to the version of nss in > Jessie, and prepared an updated package with the patch. Debdiff > attached, and .dsc available here: > > https://www.cloudmutt.com/s/nss_chain_patch/ > > I've built it on Jessie and tested it - it fixes the problem and > doesn't appear to have had any adverse effects. Let me know if I've > missed anything or could do anything else to help.
It's up to Mike whether to fix that in the upcoming point release. We're not planning a DSA for this issue alone, but it can be fixed along when upstream releases changes to address the weakdh issue. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org