Closed
Bug 1172917
Opened 9 years ago
Closed 9 years ago
Build SeaMonkey 2.35 with NSS 3.19.1+ to include fix for bug 1138554
Categories
(SeaMonkey :: Build Config, defect)
Tracking
(seamonkey2.35+ fixed, seamonkey2.36 unaffected)
RESOLVED
WORKSFORME
seamonkey2.35
Tracking | Status | |
---|---|---|
seamonkey2.35 | + | fixed |
seamonkey2.36 | --- | unaffected |
People
(Reporter: rsx11m.pub, Unassigned)
References
Details
DHE cyphers are vulnerable to a downgrade attack. This is fixed in NSS 3.19.1. Bug 1166031 included it for the 39.0 and 38.0 ESR branches, but not 38.0 retail: (Quoting Ryan VanderMeulen [:RyanVM UTC-4] from bug 1166031 comment #31) > https://hg.mozilla.org/releases/mozilla-beta/rev/a74ce2833a96 > https://hg.mozilla.org/releases/mozilla-beta/rev/b239d4243b6b > https://hg.mozilla.org/releases/mozilla-beta/rev/dc9c305024f4 (Quoting Ryan VanderMeulen [:RyanVM UTC-4] from bug 1166031 comment #46) > https://hg.mozilla.org/releases/mozilla-esr38/rev/b68c2aa2ba17 > https://hg.mozilla.org/releases/mozilla-esr38/rev/e4122cc66111 > https://hg.mozilla.org/releases/mozilla-esr38/rev/104927365946 Possible solutions: (a) build SeaMonkey 2.35 from mozilla-esr38 rather than mozilla-release; (b) commit bug 1166031 comment #46 changesets to SM 2.35 release branch on mozilla-release.
Note that b68c2aa2ba17 didn't land on THUNDERBIRD_38_0_20150603_RELBRANCH but apparently was merged into THUNDERBIRD_38_VERBRANCH with https://hg.mozilla.org/releases/mozilla-esr38/rev/8818cfba3036 (see https://hg.mozilla.org/releases/mozilla-esr38/graph/260526 for reference).
THUNDERBIRD_38_VERBRANCH now reflects 38.1.0 ESR which contains the current NSS 3.19.2 release.
Summary: Build SeaMonkey 2.35 with NSS 3.19.1 to include fix for bug 1138554 → Build SeaMonkey 2.35 with NSS 3.19.1+ to include fix for bug 1138554
Updated•9 years ago
|
Updated•9 years ago
|
Blocks: SM2.35-mozilla-release-Uplift
Comment 3•9 years ago
|
||
Since we plan to build SeaMonkey 2.35 off mozilla-esr38 (SEAMONKY_2_35_RELEASE_BRANCH) I'd say this particular bug is FIXED/WORKSFORME
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Target Milestone: --- → seamonkey2.35
You need to log in
before you can comment on or make changes to this bug.
Description
•