diff -Nru nss-3.19.2.1/debian/changelog nss-3.19.2.1/debian/changelog
--- nss-3.19.2.1/debian/changelog 2015-11-04 16:40:51.000000000 +0000
+++ nss-3.19.2.1/debian/changelog 2016-01-07 18:23:09.000000000 +0000
@@ -1,3 +1,12 @@
+nss (2:3.19.2.1-0ubuntu0.15.04.2) vivid-security; urgency=medium
+
+ * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
+ - debian/patches/CVE-2015-7575.patch: remove MD5 in
+ nss/lib/ssl/ssl3con.c.
+ - CVE-2015-7575
+
+ -- Marc Deslauriers Thu, 07 Jan 2016 13:23:09 -0500
+
 nss (2:3.19.2.1-0ubuntu0.15.04.1) vivid-security; urgency=medium
 
 * Updated to upstream 3.19.2.1 to fix two security issues.
diff -Nru nss-3.19.2.1/debian/patches/CVE-2015-7575.patch nss-3.19.2.1/debian/patches/CVE-2015-7575.patch
--- nss-3.19.2.1/debian/patches/CVE-2015-7575.patch 1970-01-01 00:00:00.000000000 +0000
+++ nss-3.19.2.1/debian/patches/CVE-2015-7575.patch 2016-01-07 18:23:06.000000000 +0000
@@ -0,0 +1,30 @@
+
+# HG changeset patch
+# User Martin Thomson
+# Date 1450293222 -3600
+# Node ID 94e1157f3fbbbe27d25d52b27088c645427bcc4b
+# Parent 4790f3f5f45b134c2d1bd0cebfae046ffc52fa38
+Bug 1158489, Remove obsolete entry, r=wtc
+
+diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c
++++ b/nss/lib/ssl/ssl3con.c
+@@ -4345,17 +4345,16 @@ ssl3_ConsumeHandshakeVariable(sslSocket
+ }
+
+ /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
+ * SECOidTag used internally by NSS. */
+ static const struct {
+ int tlsHash;
+ SECOidTag oid;
+ } tlsHashOIDMap[] = {
+- { tls_hash_md5, SEC_OID_MD5 },
+ { tls_hash_sha1, SEC_OID_SHA1 },
+ { tls_hash_sha224, SEC_OID_SHA224 },
+ { tls_hash_sha256, SEC_OID_SHA256 },
+ { tls_hash_sha384, SEC_OID_SHA384 },
+ { tls_hash_sha512, SEC_OID_SHA512 }
+ };
+
+ /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
+
diff -Nru nss-3.19.2.1/debian/patches/series nss-3.19.2.1/debian/patches/series
--- nss-3.19.2.1/debian/patches/series 2015-07-08 15:27:20.000000000 +0000
+++ nss-3.19.2.1/debian/patches/series 2016-01-07 18:23:06.000000000 +0000
@@ -5,3 +5,4 @@
 95_add_spi+cacert_ca_certs.patch
 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
 relax_dh_size.patch
+CVE-2015-7575.patch
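Review bot: The embedded ssl3con.c hunk in debian/patches/CVE-2015-7575.patch drops the `{ tls_hash_md5, SEC_OID_MD5 }` row from tlsHashOIDMap without recording that the omission is deliberate, and the upstream subject line ("Remove obsolete entry") does not state the security reason either. I would extend the table's header comment with something like `/* MD5 is intentionally not mapped: MD5-based signatures must not be accepted in TLS 1.2 (CVE-2015-7575). */` so a later cleanup does not restore the entry for completeness. ssl3_TLSHashAlgorithmToOID starts on the hunk's last context line and its body lies outside the hunk, so the rejection path is not visible here. It is worth confirming that an unmapped tls_hash_md5 makes that lookup return an error value, and that its callers fail the handshake rather than fall back to a default hash.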