On Thu, Jan 7, 2016 at 1:40 AM, Kai Engert <k...@kuix.de> wrote:
> On Fri, 2015-11-13 at 18:51 +0100, Kai Engert wrote:
>> The full release notes, including the SHA1 fingerprints of the changed
>> CA certificates, are available at
>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
> The above release notes have been updated to clarify that NSS 3.21 includes a
> fix for the following security-relevant bug:
> * Bug 1158489 (CVE-2015-7575):
>   Prevent MD5 Downgrade in TLS 1.2 Signatures
> The NSS development team would like to thank Karthikeyan Bhargavan from INRIA
> for responsibly disclosing the issue in Bug 1158489.

Now that the fix is released, can the bug please be made public?

dev-tech-crypto mailing list

Reply via email to