Hi, On Sun, 14 Jul 2019, Roberto C. Sánchez wrote: > My inclination is to add the 3.26.2 patch to the nss in jessie. > However, I wanted to ask before making that change in the event that > there is a reason the change should not be made. > > Do you have any insight you can add here?
I don't remember anything but you can lookup https://lists.debian.org/debian-lts/2016/12/threads.html and it seems that the security team had no CVE severe enough to justify an update at that time. I think you can bump to 3.26.2 if you think it's the right course of action. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
