Closed Bug 1558548 Opened 6 years ago Closed 6 years ago

Upgrade Firefox 60 ESR to use NSS 3.36.8

Tracking

()

Status:

RESOLVED FIXED

Tracking Flags:

Tracking

Status

firefox-esr60

68+

fixed

firefox-esr68

---

unaffected

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-other, sec-high, Whiteboard: [post-critsmash-triage])

Attachments

(1 file)

Update to 3_36_8_RTM 6 years ago J.C. Jones [:jcj] (he/they) 88 bytes, text/plain	RyanVM : approval-mozilla-esr60+	Details

J.C. Jones [:jcj] (he/they)

Assignee

Description

•

6 years ago

[Tracking Requested - why for this release]:

This is an update for NSS 3.36 for Firefox ESR 60. It contains patches for:

Bug 1515342, a sec-high
Bug 1540541, a sec-moderate

When ready, the tag will be NSS_3_36_8_RTM.

Ryan VanderMeulen [:RyanVM]

Updated

•

6 years ago

status-firefox-esr60: --- → affected

tracking-firefox-esr60: ? → 68+

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Keywords: csectype-other, sec-high

J.C. Jones [:jcj] (he/they)

Assignee

Comment 1

•

6 years ago

Upon further discussion, we will also be taking

Bug 1554336, a sec-moderate

J.C. Jones [:jcj] (he/they)

Assignee

Comment 2

•

6 years ago

NSS_3_36_8_RTM is tagged. I will package a script and a patch against ESR 60 to this bug soon.

Flags: needinfo?(jjones)

J.C. Jones [:jcj] (he/they)

Assignee

Comment 3

•

6 years ago

Attached file Update to 3_36_8_RTM — Details

ESR Uplift Approval Request

If this is not a sec:{high,crit} bug, please state case for ESR consideration:
User impact if declined: One sec-high and two sec-moderate bugs that are easily exploitable.
Fix Landed on Version: 69 (backporting to 68, too)
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): These fixes mostly affect corner-case correctness
String or UUID changes made by this patch: None

Flags: needinfo?(jjones)

Attachment #9073315 - Flags: approval-mozilla-esr60?

J.C. Jones [:jcj] (he/they)

Assignee

Updated

•

6 years ago

Depends on: 1554336

Ryan VanderMeulen [:RyanVM]

Comment 4

•

6 years ago

Comment on attachment 9073315 [details] Update to 3_36_8_RTM Picks up some NSS security fixes. Approved for 60.8esr.

Attachment #9073315 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+

Ryan VanderMeulen [:RyanVM]

Comment 5

•

6 years ago

uplift

https://hg.mozilla.org/releases/mozilla-esr60/rev/a26b1ffa200a

Status: ASSIGNED → RESOLVED

Closed: 6 years ago

status-firefox-esr60: affected → fixed

Resolution: --- → FIXED

Bogdan Maris, Desktop Test Engineering

Updated

•

6 years ago

Flags: qe-verify-

Whiteboard: [post-critsmash-triage]

Daniel Veditz [:dveditz]

Updated

•

5 years ago

status-firefox-esr68: --- → unaffected

Daniel Veditz [:dveditz]

Updated

•

4 years ago

Group: core-security-release

Benjamin Beurdouche [:beurdouche]

Updated

•

1 year ago

Blocks: nss-uplift

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Upgrade Firefox 60 ESR to use NSS 3.36.8

Categories

(Core :: Security: PSM, task, P1)

Tracking

()

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-other, sec-high, Whiteboard: [post-critsmash-triage])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Comment 1

Comment 2

Comment 3

ESR Uplift Approval Request

Updated

Comment 4

Comment 5

Updated

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type