The NSS team has released Network Security Services (NSS) 3.36.5, which is a patch release for NSS 3.36.
It fixes the following bug: * Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (CVE-2018-12384) The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes The HG tag is NSS_3_36_5_RTM. NSS 3.36.5 requires NSPR 4.19 or newer. NSS 3.36.5 source distributions are available for secure download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_36_5_RTM/src/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto