This bug has been copied from bug #1099619 and has been proposed
to be backported to 6.5 z-stream (EUS).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
This rebase is a problem for the RHEL7 in-place upgrade!
RHEL6 has a newer version than RHEL7...
(In reply to Morten Stevens from comment #11)
> This rebase is a problem for the RHEL7 in-place upgrade!
> el6: nss-3.16.1-2.el6_5
> el7: nss-3.15.4-7.el7_0
> RHEL6 has a newer version than RHEL7...
Yes, that's a problem. Mozilla made their decision regarding a CVE so late that we were forced to just backport a fix rather than rebase as there wasn't enough time for various QE teams to test their products that depend on nss. It was decided to pospone the nss rebase to a subsequent async update which would give sufficient time for comprehensive testing. I posted comments at https://bugzilla.redhat.com/show_bug.cgi?id=1112136#c11.
Wrong URL, see https://bugzilla.redhat.com/show_bug.cgi?id=1103252#c3 and subequent.
We should document this issue in the KB about in-place upgrades - and recommend downgrade of this specific nss package(s) just before running in-place upgrade. We can deal with package downgrades, but only via preupgrade-assistant-contents - and they contain static lists valid at the time of the package build (unfortunately, we don't have other option, as in preupgrade-assistant we don't operate with RHEL7 repos). This causes issues with z-stream updates.