Comment 1 for bug 1959126

Bug 1737470 fix introduced https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd, which is the patch applied as debian/patches/CVE-2021-43527.patch in the current jammy package to fix CVE-2021-43527.

While Bug 1735028 is also private, its fix is not included in our current patches.

Finally, SHA-2 support to mozilla::pkix's OCSP implementation is also not present in our delta (https://bugzilla.mozilla.org/show_bug.cgi?id=966856). Meaning that going for the update would include support to SHA-2 hashes in CertIDs in OCSP responses.