On Thu, Jan 7, 2016 at 1:40 AM, Kai Engert <k...@kuix.de> wrote: > On Fri, 2015-11-13 at 18:51 +0100, Kai Engert wrote: >> The full release notes, including the SHA1 fingerprints of the changed >> CA certificates, are available at >> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes > > The above release notes have been updated to clarify that NSS 3.21 includes a > fix for the following security-relevant bug: > > * Bug 1158489 (CVE-2015-7575): > Prevent MD5 Downgrade in TLS 1.2 Signatures > > The NSS development team would like to thank Karthikeyan Bhargavan from INRIA > for responsibly disclosing the issue in Bug 1158489.
Now that the fix is released, can the bug please be made public? Thanks, Peter -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
