The NSS team has released Network Security Services (NSS) 3.36.5,
which is a patch release for NSS 3.36.

It fixes the following bug:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

The full release notes are available at

The HG tag is NSS_3_36_5_RTM. NSS 3.36.5 requires NSPR 4.19 or newer.

NSS 3.36.5 source distributions are available for secure download:
dev-tech-crypto mailing list

Reply via email to