On Tue, Dec 29, 2015 at 4:13 PM, Bojan Smojver <bojan(a)rexursive.com> wrote:
Eric Griffith <egriffith92 <at> gmail.com> writes:
> Is there any reason Fedora would not...? Regardless you could diff the
source code that was used to make the 43.0.1-fedora RPM vs whats in 43.0.2
and see if the hole is unpatched.
There may be a reason. Fedora relies on NSS/NSPR packages for some of the
stuff that Windows folks get bundled with FF, AFAIK. So, a maintainer of FF
would know such things.
Comparing source will not necessarily give the correct answer, as that part
of it may be unused in Fedora builds. Again, maintainer of FF would know.
Ergo, the question.
Is there a simple way to test if the issue is a problem on Fedora? I
don't even know of any sites with TLS 1.2 using MD5 signatures,
especially when Chrome "broke" signatures that weren't SHA-256 or
better for SSLv3 and stronger a year ago...
--
真実はいつも一つ!/ Always, there's only one truth!