Bug 830302

Summary: Update RHEL 6.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6
Product: Red Hat Enterprise Linux 6 Reporter: Kai Engert (:kaie) <kengert>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED DUPLICATE QA Contact: Aleš Mareček <amarecek>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.3CC: amarecek, ebenes, huzaifas, jrb, jrieden, ksrot, rrelyea, stransky
Target Milestone: rcKeywords: Rebase, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: nss-3.13.5-2.el6 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
: 833149 833480 (view as bug list) Environment:
Last Closed: 2012-10-29 12:40:22 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 833149, 833480    
Bug Blocks: 834100    

Description Kai Engert (:kaie) 2012-06-08 15:25:07 EDT
Mozilla 10.0.6 is scheduled for mid July.

We had earlier discussed this might be the right time to pick up NSS 3.13.4 (which has been shipped by upstream already in Mozilla 10.0.5).

Meanwhile NSS 3.13.5 has been released, which has minimal changes on top of 3.13.4, but contains a highly recommended correctness fix.

Therefore I propose to update to NSS 3.13.5 for RHEL 6 together with the next planned stable Mozilla release 10.0.6  (which will either ship with 3.13.4 or 3.13.5).

In addition, together with NSS 3.13.5, also NSPR 4.9.1 was released. Upstream 10.0.6 might keep the older NSPR, however, NSPR 4.9.1 picks up correctness fixes and has very few other changes (mostly outside the Linux domain). Although not strictly necessary, I recommend updating to NSPR 4.9.1 because of the minimal amount of changes and for versioning consistency.
Comment 10 Huzaifa S. Sidhpurwala 2012-06-20 00:58:51 EDT
Sure, but if I include CVE-2012-0441 in it, it could become an ASYNC advisory.
Comment 13 Karel Srot 2012-10-29 12:40:22 EDT
Closing this y-stream original of a z-stream bug since it is overridden by rhel-6.4 bug 837089.

*** This bug has been marked as a duplicate of bug 837089 ***