Public bug reported: 3.12.6-0ubuntu1 in Ubuntu includes a fix for CVE-2009-3555, however it uses strict checking which breaks clients connecting to unpatched servers. This is http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=561918. While not the current upstream default, transitional is the recommendation from upstream (from email exchange).
** Affects: nss (Ubuntu) Importance: High Assignee: Chris Coulson (chrisccoulson) Status: In Progress ** Changed in: nss (Ubuntu) Importance: Undecided => High ** Changed in: nss (Ubuntu) Status: New => In Progress ** Changed in: nss (Ubuntu) Milestone: None => ubuntu-10.04-beta-2 ** Changed in: nss (Ubuntu) Assignee: (unassigned) => Chris Coulson (chrisccoulson) -- nss should use transitional scheme for renegotiation https://bugs.launchpad.net/bugs/553251 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs