This information used to be in NSS release notes, which was helpful to know when a new release was important to pick up promptly, but it hasn't been for more recent CVEs like this one and CVE-2017-7502.
Thanks, - Chris -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto