A new paper by the PROSECCO/INRIA research team published at Real World Crypto uncovered various issues with weak hash functions.
One of them is a client impersonation attack enabled by the fact that nss will accept RSA-MD5 signatures for client authentication. nss 3.21 fixes this.
nss 3.21 is already in the tree, but not yet stabilized. The Mozilla upstream bug report is still private:
We should stabilize nss 3.21.
According to what  reads right now, these Gentoo packages are also affected:
net-libs/polarssl (all versions)
Should those be dedicated bug reports or should this very ticket handle them all?
(In reply to Sebastian Pipping from comment #1)
> Should those be dedicated bug reports or should this very ticket handle them
The cleanest by far is dedicated bug reports and blocking a tracker bug for the overall issue.
I got the OK from vapier that the changes he made to nss-3.21-r2 should be good to go for stabilization, let's do it:
Arches, please stabilize =dev-libs/nss-3.21-r2
Stable for HPPA.
3.21 fixes another vuln (found by me actually), I'll just add the CVE to the description here.
Stable on alpha.
Stable for PPC64.
*** Bug 571518 has been marked as a duplicate of this bug. ***
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
3.20 is still in the tree...
@maintainer(s), can you please clean this?
This issue was resolved and addressed in
GLSA 201701-46 at https://security.gentoo.org/glsa/201701-46
by GLSA coordinator Thomas Deutschmann (whissi).