This proposes to pick up the NSS fix CVE-2013-1739 released by upstream in NSS 3.15.2 from https://bugzilla.mozilla.org/show_bug.cgi?id=894370
The bug is not yet publicly visible.
The patch is small and changes the SSL library contained in the NSS main package (not softokn, not util).
- either pick up NSS 3.15.2 for RHEL 7 initial release
- or add the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=894370
After discussing on IRC:
We'd prefer to rebase RHEL 7 to NSS 3.15.2
This will require also to update the nss-util and nss-softokn packages, which should be trivial?
*** Bug 1012655 has been marked as a duplicate of this bug. ***
If this feature or issue should be documented in the Release or Technical Notes for RHEL 7.0 Beta, please select the correct Doc Type from the drop-down menu and enter a description in Doc Text.
For info about the differences between known issues, driver updates, deprecated functionality, release notes and Technology Previews, see:
If you have questions, please email firstname.lastname@example.org.