On 6/27/24 21:12, John Schanck wrote:
Hi Arturo,
we don't plan on backporting any of the patches for CVE-2023-6135 to
the NSS 3.90 branch at this time. The patches you linked to are,
unfortunately, not sufficient to fix the issue. Short of copying the
entire lib/freebl/ecl directory from NSS 3.101 (along with its
dependencies in lib/freebl/verified, and the build system changes), I
don't see a straightforward way to fix the 3.90 branch, much less
3.42.
Hi John,
this analysis you made is very valuable for us.
thanks for this information, really appreciated.
regards.
--
You received this message because you are subscribed to the Google Groups
"dev-tech-crypto@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dev-tech-crypto+unsubscr...@mozilla.org.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/c9c9499b-f95d-4f92-bb6b-d5f322947453%40gmail.com.
