Source: nss Version: 2:3.38-1 Severity: important Tags: security upstream Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
Hi, The following vulnerability was published for nss. CVE-2018-12384[0]: ServerHello.random is all zero when handling a v2-compatible ClientHello If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-12384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1483128 [2] https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e (NSS_3_39_BRANCH) Please adjust the affected versions in the BTS as needed. Regards, Salvatore
