Red Hat Bugzilla – Bug 830302
Update RHEL 6.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6
Last modified: 2012-11-19 11:54:41 EST
Mozilla 10.0.6 is scheduled for mid July.
We had earlier discussed this might be the right time to pick up NSS 3.13.4 (which has been shipped by upstream already in Mozilla 10.0.5).
Meanwhile NSS 3.13.5 has been released, which has minimal changes on top of 3.13.4, but contains a highly recommended correctness fix.
Therefore I propose to update to NSS 3.13.5 for RHEL 6 together with the next planned stable Mozilla release 10.0.6 (which will either ship with 3.13.4 or 3.13.5).
In addition, together with NSS 3.13.5, also NSPR 4.9.1 was released. Upstream 10.0.6 might keep the older NSPR, however, NSPR 4.9.1 picks up correctness fixes and has very few other changes (mostly outside the Linux domain). Although not strictly necessary, I recommend updating to NSPR 4.9.1 because of the minimal amount of changes and for versioning consistency.
Sure, but if I include CVE-2012-0441 in it, it could become an ASYNC advisory.
Closing this y-stream original of a z-stream bug since it is overridden by rhel-6.4 bug 837089.
*** This bug has been marked as a duplicate of bug 837089 ***