On Tue, Dec 29, 2015 at 4:13 PM, Bojan Smojver <bojan@xxxxxxxxxxxxx> wrote: > Eric Griffith <egriffith92 <at> gmail.com> writes: > >> Is there any reason Fedora would not...? Regardless you could diff the > source code that was used to make the 43.0.1-fedora RPM vs whats in 43.0.2 > and see if the hole is unpatched. > > There may be a reason. Fedora relies on NSS/NSPR packages for some of the > stuff that Windows folks get bundled with FF, AFAIK. So, a maintainer of FF > would know such things. > > Comparing source will not necessarily give the correct answer, as that part > of it may be unused in Fedora builds. Again, maintainer of FF would know. > Ergo, the question. > Is there a simple way to test if the issue is a problem on Fedora? I don't even know of any sites with TLS 1.2 using MD5 signatures, especially when Chrome "broke" signatures that weren't SHA-256 or better for SSLv3 and stronger a year ago... -- 真実はいつも一つ!/ Always, there's only one truth! -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
