The NSS Development Team announces the release of NSS 3.20.2 Network Security Services (NSS) 3.20.2 is a patch release for NSS 3.20 to fix a security-relevant bug.
No new functionality is introduced in this release. The following security-relevant bug has been resolved in NSS 3.20.2. Users are encouraged to upgrade immediately. * Bug 1158489 (CVE-2015-7575): Prevent MD5 Downgrade in TLS 1.2 Signatures The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes The HG tag is NSS_3_20_2_RTM. NSS 3.20.2 requires NSPR 4.10.10 or newer. NSS 3.20.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_2_RTM/src/ The NSS development team would like to thank Karthikeyan Bhargavan from INRIA for responsibly disclosing the issue in Bug 1158489. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto