While Bug 1735028 is also private, its fix is not included in our current patches.
Finally, SHA-2 support to mozilla::pkix's OCSP implementation is also not present in our delta (https://bugzilla.mozilla.org/show_bug.cgi?id=966856). Meaning that going for the update would include support to SHA-2 hashes in CertIDs in OCSP responses.
Bug 1737470 fix introduced https:/ /hg.mozilla. org/projects/ nss/rev/ dea71cbef9e0363 6f37c6cb120f8de ccce6e17dd, which is the patch applied as debian/ patches/ CVE-2021- 43527.patch in the current jammy package to fix CVE-2021-43527.
While Bug 1735028 is also private, its fix is not included in our current patches.
Finally, SHA-2 support to mozilla::pkix's OCSP implementation is also not present in our delta (https:/ /bugzilla. mozilla. org/show_ bug.cgi? id=966856). Meaning that going for the update would include support to SHA-2 hashes in CertIDs in OCSP responses.