| Summary: | Firefox 68.1 and 60.9, NSPR 4.22 and rootcerts update | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, fri, herman.viaene, jim, joselp, sysadmin-bugs, thierry.vignaud, tmb, wrw105 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok MGA6-64-OK | ||
| Source RPM: | firefox, firefox-l10n, rootcerts, nspr, nss | CVE: | |
| Status comment: | |||
| Bug Depends on: | 24750 | ||
| Bug Blocks: | 25396 | ||
|
Description
Nicolas Salguero
2019-08-26 11:09:22 CEST
Nicolas Salguero
2019-08-26 11:10:14 CEST
Whiteboard:
(none) =>
MGA7TOO rootcerts and nspr (4.22) updates to come with this (plus nss rebuild for rootcerts). https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 Since Mageia 6 won't be getting a Firefox update, it'll have a different advisory for the rootcerts/nspr update. Package list (Mageia 6): rootcerts-20190820.00-1.mga6 rootcerts-java-20190820.00-1.mga6 libnspr4-4.22-1.mga6 libnspr-devel-4.22-1.mga6 nss-3.36.8-1.2.mga6 nss-doc-3.36.8-1.2.mga6 libnss3-3.36.8-1.2.mga6 libnss-devel-3.36.8-1.2.mga6 libnss-static-devel-3.36.8-1.2.mga6 from SRPMS: rootcerts-20190820.00-1.mga6.src.rpm nspr-4.22-1.mga6.src.rpm nss-3.36.8-1.2.mga6.src.rpm Package list (Mageia 7, not including firefox/firefox-l10n): rootcerts-20190820.00-1.mga7 rootcerts-java-20190820.00-1.mga7 libnspr4-4.22-1.mga7 libnspr-devel-4.22-1.mga7 nss-3.45.0-1.1.mga7 nss-doc-3.45.0-1.1.mga7 libnss3-3.45.0-1.1.mga7 libnss-devel-3.45.0-1.1.mga7 libnss-static-devel-3.45.0-1.1.mga7 from SRPMS: rootcerts-20190820.00-1.mga7.src.rpm nspr-4.22-1.mga7.src.rpm nss-3.45.0-1.1.mga7.src.rpm Thank you DavidW for jumping on this. Assigning globally as there is no specific maintainer for Firefox; CC'ing Thierry (I hope the right one) who has often dealt with it in the past. CC:
(none) =>
thierry.vignaud For Firefox itself, Nicolas is working on it. Hi, Done for Mageia 7 (firefox, firefox-l10n). The main problem is for Cauldron where the build fails for i586 (same problem as several weeks ago: build killed apparently because of the timeout but the timeout is normally reached after 10 hours and the build is killed after a little more than an hour). Best regards, Nico. Package list for Firefox itself (the rest of the list is in Comment 2): firefox-68.0.2-1.mga7 firefox-devel-68.0.2-1.mga7 firefox-af-68.0.2-1.mga7 firefox-an-68.0.2-1.mga7 firefox-ar-68.0.2-1.mga7 firefox-ast-68.0.2-1.mga7 firefox-az-68.0.2-1.mga7 firefox-bg-68.0.2-1.mga7 firefox-bn-68.0.2-1.mga7 firefox-br-68.0.2-1.mga7 firefox-bs-68.0.2-1.mga7 firefox-ca-68.0.2-1.mga7 firefox-cs-68.0.2-1.mga7 firefox-cy-68.0.2-1.mga7 firefox-da-68.0.2-1.mga7 firefox-de-68.0.2-1.mga7 firefox-el-68.0.2-1.mga7 firefox-en_GB-68.0.2-1.mga7 firefox-en_US-68.0.2-1.mga7 firefox-eo-68.0.2-1.mga7 firefox-es_AR-68.0.2-1.mga7 firefox-es_CL-68.0.2-1.mga7 firefox-es_ES-68.0.2-1.mga7 firefox-es_MX-68.0.2-1.mga7 firefox-et-68.0.2-1.mga7 firefox-eu-68.0.2-1.mga7 firefox-fa-68.0.2-1.mga7 firefox-ff-68.0.2-1.mga7 firefox-fi-68.0.2-1.mga7 firefox-fr-68.0.2-1.mga7 firefox-fy_NL-68.0.2-1.mga7 firefox-ga_IE-68.0.2-1.mga7 firefox-gd-68.0.2-1.mga7 firefox-gl-68.0.2-1.mga7 firefox-gu_IN-68.0.2-1.mga7 firefox-he-68.0.2-1.mga7 firefox-hi_IN-68.0.2-1.mga7 firefox-hr-68.0.2-1.mga7 firefox-hsb-68.0.2-1.mga7 firefox-hu-68.0.2-1.mga7 firefox-hy_AM-68.0.2-1.mga7 firefox-id-68.0.2-1.mga7 firefox-is-68.0.2-1.mga7 firefox-it-68.0.2-1.mga7 firefox-ja-68.0.2-1.mga7 firefox-kk-68.0.2-1.mga7 firefox-km-68.0.2-1.mga7 firefox-kn-68.0.2-1.mga7 firefox-ko-68.0.2-1.mga7 firefox-lij-68.0.2-1.mga7 firefox-lt-68.0.2-1.mga7 firefox-lv-68.0.2-1.mga7 firefox-mk-68.0.2-1.mga7 firefox-mr-68.0.2-1.mga7 firefox-ms-68.0.2-1.mga7 firefox-nb_NO-68.0.2-1.mga7 firefox-nl-68.0.2-1.mga7 firefox-nn_NO-68.0.2-1.mga7 firefox-pa_IN-68.0.2-1.mga7 firefox-pl-68.0.2-1.mga7 firefox-pt_BR-68.0.2-1.mga7 firefox-pt_PT-68.0.2-1.mga7 firefox-ro-68.0.2-1.mga7 firefox-ru-68.0.2-1.mga7 firefox-si-68.0.2-1.mga7 firefox-sk-68.0.2-1.mga7 firefox-sl-68.0.2-1.mga7 firefox-sq-68.0.2-1.mga7 firefox-sr-68.0.2-1.mga7 firefox-sv_SE-68.0.2-1.mga7 firefox-ta-68.0.2-1.mga7 firefox-te-68.0.2-1.mga7 firefox-th-68.0.2-1.mga7 firefox-tr-68.0.2-1.mga7 firefox-uk-68.0.2-1.mga7 firefox-uz-68.0.2-1.mga7 firefox-vi-68.0.2-1.mga7 firefox-xh-68.0.2-1.mga7 firefox-zh_CN-68.0.2-1.mga7 firefox-zh_TW-68.0.2-1.mga7 from SRPMS: firefox-68.0.2-1.mga7.src.rpm firefox-l10n-68.0.2-1.mga7.src.rpm I'd say don't worry about Cauldron for now and we can go ahead and push these updates to QA. For Mageia 6: Suggested advisory: ======================== The updated packages fix several bugs: For rootcerts: - Remove Swisscom Root CA 2 root certificate. - Remove Expired root certificates - Class 2 Primary, UTN-USERFirst-Client, Deutsche Telekom Root CA 2. For NSPR: - Added support for the ARC architecture. - Removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS. - Correctness and build fixes. References: https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 Version:
Cauldron =>
7 For Mageia 7: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733) For rootcerts: - Remove Swisscom Root CA 2 root certificate. - Remove Expired root certificates - Class 2 Primary, UTN-USERFirst-Client, Deutsche Telekom Root CA 2. For NSPR: - Added support for the ARC architecture. - Removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS. - Correctness and build fixes. References: https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/ https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0
Nicolas Salguero
2019-08-29 13:45:47 CEST
Summary:
Firefox 68.0.2 =>
Firefox 68.0.2, NSPR 4.22 and rootcerts update on mga7-64 kernel-desktop plasma packages installed cleanly: - firefox-68.0.2-1.mga7.x86_64 - firefox-en_GB-68.0.2-1.mga7.noarch - lib64nspr4-4.22-1.mga7.x86_64 - lib64nss3-3.45.0-1.1.mga7.x86_64 - nss-3.45.0-1.1.mga7.x86_64 - rootcerts-20190820.00-1.mga7.noarch - rootcerts-java-20190820.00-1.mga7.noarch no regressions observed looks OK for mga7-64 CC:
(none) =>
jim on mga7-32 kernel-desktop586 plasma in a vbox VM packages installed cleanly: - firefox-68.0.2-1.mga7.i586 - firefox-en_GB-68.0.2-1.mga7.noarch - firefox-en_US-68.0.2-1.mga7.noarch - libnspr4-4.22-1.mga7.i586 - libnss3-3.45.0-1.1.mga7.i586 - nss-3.45.0-1.1.mga7.i586 - rootcerts-20190820.00-1.mga7.noarch - rootcerts-java-20190820.00-1.mga7.noarch looks OK for mga7-32 on mga6-64 kernel-desktop plasma Sorry, the following package cannot be selected: - lib64nss3-3.36.8-1.2.mga6.x86_64 (due to unsatisfied lib64sqlite3_0[>= 3.28.0]) After installing the updates from bug 24750: - lib64sqlite3_0-3.28.0-1.mga6.x86_64 - sqlite3-tools-3.28.0-1.mga6.x86_64 packages installed cleanly: - lib64nspr4-4.22-1.mga6.x86_64 - lib64nss3-3.36.8-1.2.mga6.x86_64 - nss-3.36.8-1.2.mga6.x86_64 - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch no regressions observed looks OK for mga6-64 on this system This update requires the sqlite update, bug 24750 Depends on:
(none) =>
24750 on mga6-32 in a vbox vm kernel-desktop plasma installed the following from bug 24750 - libsqlite3_0-3.28.0-1.mga6.i586 - sqlite3-tools-3.28.0-1.mga6.i586 packages installed cleanly: - libnspr4-4.22-1.mga6.i586 - libnss3-3.36.8-1.2.mga6.i586 - nss-3.36.8-1.2.mga6.i586 - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch no regressions noted looks OK for mga6-32 This update requires the sqlite update, bug 24750 $ uname -a Linux localhost 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 11:51:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 8 packages are going to be installed: - lib64nspr-devel-4.22-1.mga6.x86_64 - lib64nspr4-4.22-1.mga6.x86_64 - lib64nss3-3.36.8-1.2.mga6.x86_64 - lib64sqlite3_0-3.28.0-1.mga6.x86_64 - nss-3.36.8-1.2.mga6.x86_64 - nss-doc-3.36.8-1.2.mga6.noarch - rootcerts-20190820.00-1.mga6.noarch - rootcerts-java-20190820.00-1.mga6.noarch I spent time visiting major sites with firefox. Seemed to be fine. These all installed properly as well. Seems good to me. CC:
(none) =>
brtians1 NSS 3.46 finally came out, updating Mageia 7 with this: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes We might as well update to Firefox 68.1 too: https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/ (In reply to David Walser from comment #15) > NSS 3.46 finally came out, updating Mageia 7 with this: > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3. > 46_release_notes nss-3.46.0-1.mga7 nss-doc-3.46.0-1.mga7 libnss3-3.46.0-1.mga7 libnss-devel-3.46.0-1.mga7 libnss-static-devel-3.46.0-1.mga7 from nss-3.46.0-1.mga7.src.rpm Additional references: For Firefox 68.1: https://www.mozilla.org/security/advisories/mfsa2019-26/ For Firefox 60.9: https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/ Summary:
Firefox 68.0.2, NSPR 4.22 and rootcerts update =>
Firefox 68.1 and 60.9, NSPR 4.22 and rootcerts update
Nicolas Salguero
2019-09-04 10:47:51 CEST
Severity:
normal =>
critical For Mageia 6: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Sandbox escape through Firefox Sync. (CVE-2019-9812) Cross-origin access to unload event attributes. (CVE-2019-11743) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 ======================== Updated packages in core/updates_testing: ======================== firefox-60.9.0-1.mga6 firefox-devel-60.9.0-1.mga6 firefox-af-60.9.0-1.mga6 firefox-an-60.9.0-1.mga6 firefox-ar-60.9.0-1.mga6 firefox-as-60.9.0-1.mga6 firefox-ast-60.9.0-1.mga6 firefox-az-60.9.0-1.mga6 firefox-bg-60.9.0-1.mga6 firefox-bn_IN-60.9.0-1.mga6 firefox-bn_BD-60.9.0-1.mga6 firefox-br-60.9.0-1.mga6 firefox-bs-60.9.0-1.mga6 firefox-ca-60.9.0-1.mga6 firefox-cs-60.9.0-1.mga6 firefox-cy-60.9.0-1.mga6 firefox-da-60.9.0-1.mga6 firefox-de-60.9.0-1.mga6 firefox-el-60.9.0-1.mga6 firefox-en_GB-60.9.0-1.mga6 firefox-en_US-60.9.0-1.mga6 firefox-en_ZA-60.9.0-1.mga6 firefox-eo-60.9.0-1.mga6 firefox-es_AR-60.9.0-1.mga6 firefox-es_CL-60.9.0-1.mga6 firefox-es_ES-60.9.0-1.mga6 firefox-es_MX-60.9.0-1.mga6 firefox-et-60.9.0-1.mga6 firefox-eu-60.9.0-1.mga6 firefox-fa-60.9.0-1.mga6 firefox-ff-60.9.0-1.mga6 firefox-fi-60.9.0-1.mga6 firefox-fr-60.9.0-1.mga6 firefox-fy_NL-60.9.0-1.mga6 firefox-ga_IE-60.9.0-1.mga6 firefox-gd-60.9.0-1.mga6 firefox-gl-60.9.0-1.mga6 firefox-gu_IN-60.9.0-1.mga6 firefox-he-60.9.0-1.mga6 firefox-hi_IN-60.9.0-1.mga6 firefox-hr-60.9.0-1.mga6 firefox-hsb-60.9.0-1.mga6 firefox-hu-60.9.0-1.mga6 firefox-hy_AM-60.9.0-1.mga6 firefox-id-60.9.0-1.mga6 firefox-is-60.9.0-1.mga6 firefox-it-60.9.0-1.mga6 firefox-ja-60.9.0-1.mga6 firefox-kk-60.9.0-1.mga6 firefox-km-60.9.0-1.mga6 firefox-kn-60.9.0-1.mga6 firefox-ko-60.9.0-1.mga6 firefox-lij-60.9.0-1.mga6 firefox-lt-60.9.0-1.mga6 firefox-lv-60.9.0-1.mga6 firefox-mai-60.9.0-1.mga6 firefox-mk-60.9.0-1.mga6 firefox-ml-60.9.0-1.mga6 firefox-mr-60.9.0-1.mga6 firefox-ms-60.9.0-1.mga6 firefox-nb_NO-60.9.0-1.mga6 firefox-nl-60.9.0-1.mga6 firefox-nn_NO-60.9.0-1.mga6 firefox-or-60.9.0-1.mga6 firefox-pa_IN-60.9.0-1.mga6 firefox-pl-60.9.0-1.mga6 firefox-pt_BR-60.9.0-1.mga6 firefox-pt_PT-60.9.0-1.mga6 firefox-ro-60.9.0-1.mga6 firefox-ru-60.9.0-1.mga6 firefox-si-60.9.0-1.mga6 firefox-sk-60.9.0-1.mga6 firefox-sl-60.9.0-1.mga6 firefox-sq-60.9.0-1.mga6 firefox-sr-60.9.0-1.mga6 firefox-sv_SE-60.9.0-1.mga6 firefox-ta-60.9.0-1.mga6 firefox-te-60.9.0-1.mga6 firefox-th-60.9.0-1.mga6 firefox-tr-60.9.0-1.mga6 firefox-uk-60.9.0-1.mga6 firefox-uz-60.9.0-1.mga6 firefox-vi-60.9.0-1.mga6 firefox-xh-60.9.0-1.mga6 firefox-zh_CN-60.9.0-1.mga6 firefox-zh_TW-60.9.0-1.mga6 rootcerts-20190820.00-1.mga6 rootcerts-java-20190820.00-1.mga6 libnspr4-4.22-1.mga6 libnspr-devel-4.22-1.mga6 nss-3.36.8-1.2.mga6 nss-doc-3.36.8-1.2.mga6 libnss3-3.36.8-1.2.mga6 libnss-devel-3.36.8-1.2.mga6 libnss-static-devel-3.36.8-1.2.mga6 from SRPMS: firefox-60.9.0-1.mga6.src.rpm firefox-l10n-60.9.0-1.mga6.src.rpm rootcerts-20190820.00-1.mga6.src.rpm nspr-4.22-1.mga6.src.rpm nss-3.36.8-1.2.mga6.src.rpm Don't forget to push firefox-l10n for Mageia 7. It should be ready in SVN. mga6 64 bit Firefox with swedish working nicely on Plasma, Nvidia driver. Tabs restored after update, tested sites i often use, video with sound OK. CC:
(none) =>
fri RedHat has issued an advisory for this today (September 4): https://access.redhat.com/errata/RHSA-2019:2663 For Mageia 7: Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733) Malicious code execution through command line parameters. (CVE-2019-11751) Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Sandbox escape through Firefox Sync. (CVE-2019-9812) Cross-origin access to unload event attributes. (CVE-2019-11743) Persistence of WebRTC permissions in a third party context. (CVE-2019-11748) Camera information available without prompting using getUserMedia. (CVE-2019-11749) Type confusion in Spidermonkey. (CVE-2019-11750) Content security policy bypass through hash-based sources in directives. (CVE-2019-11738) 'Forget about this site' removes sites from pre-loaded HSTS list. (CVE-2019-11747) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11751 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11748 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11749 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11750 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11747 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11735 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/ https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/ https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/ https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 https://access.redhat.com/errata/RHSA-2019:2663 ======================== Updated packages in core/updates_testing: ======================== firefox-68.1.0-1.mga7 firefox-devel-68.1.0-1.mga7 firefox-af-68.1.0-1.mga7 firefox-an-68.1.0-1.mga7 firefox-ar-68.1.0-1.mga7 firefox-ast-68.1.0-1.mga7 firefox-az-68.1.0-1.mga7 firefox-bg-68.1.0-1.mga7 firefox-bn-68.1.0-1.mga7 firefox-br-68.1.0-1.mga7 firefox-bs-68.1.0-1.mga7 firefox-ca-68.1.0-1.mga7 firefox-cs-68.1.0-1.mga7 firefox-cy-68.1.0-1.mga7 firefox-da-68.1.0-1.mga7 firefox-de-68.1.0-1.mga7 firefox-el-68.1.0-1.mga7 firefox-en_GB-68.1.0-1.mga7 firefox-en_US-68.1.0-1.mga7 firefox-eo-68.1.0-1.mga7 firefox-es_AR-68.1.0-1.mga7 firefox-es_CL-68.1.0-1.mga7 firefox-es_ES-68.1.0-1.mga7 firefox-es_MX-68.1.0-1.mga7 firefox-et-68.1.0-1.mga7 firefox-eu-68.1.0-1.mga7 firefox-fa-68.1.0-1.mga7 firefox-ff-68.1.0-1.mga7 firefox-fi-68.1.0-1.mga7 firefox-fr-68.1.0-1.mga7 firefox-fy_NL-68.1.0-1.mga7 firefox-ga_IE-68.1.0-1.mga7 firefox-gd-68.1.0-1.mga7 firefox-gl-68.1.0-1.mga7 firefox-gu_IN-68.1.0-1.mga7 firefox-he-68.1.0-1.mga7 firefox-hi_IN-68.1.0-1.mga7 firefox-hr-68.1.0-1.mga7 firefox-hsb-68.1.0-1.mga7 firefox-hu-68.1.0-1.mga7 firefox-hy_AM-68.1.0-1.mga7 firefox-id-68.1.0-1.mga7 firefox-is-68.1.0-1.mga7 firefox-it-68.1.0-1.mga7 firefox-ja-68.1.0-1.mga7 firefox-kk-68.1.0-1.mga7 firefox-km-68.1.0-1.mga7 firefox-kn-68.1.0-1.mga7 firefox-ko-68.1.0-1.mga7 firefox-lij-68.1.0-1.mga7 firefox-lt-68.1.0-1.mga7 firefox-lv-68.1.0-1.mga7 firefox-mk-68.1.0-1.mga7 firefox-mr-68.1.0-1.mga7 firefox-ms-68.1.0-1.mga7 firefox-nb_NO-68.1.0-1.mga7 firefox-nl-68.1.0-1.mga7 firefox-nn_NO-68.1.0-1.mga7 firefox-pa_IN-68.1.0-1.mga7 firefox-pl-68.1.0-1.mga7 firefox-pt_BR-68.1.0-1.mga7 firefox-pt_PT-68.1.0-1.mga7 firefox-ro-68.1.0-1.mga7 firefox-ru-68.1.0-1.mga7 firefox-si-68.1.0-1.mga7 firefox-sk-68.1.0-1.mga7 firefox-sl-68.1.0-1.mga7 firefox-sq-68.1.0-1.mga7 firefox-sr-68.1.0-1.mga7 firefox-sv_SE-68.1.0-1.mga7 firefox-ta-68.1.0-1.mga7 firefox-te-68.1.0-1.mga7 firefox-th-68.1.0-1.mga7 firefox-tr-68.1.0-1.mga7 firefox-uk-68.1.0-1.mga7 firefox-uz-68.1.0-1.mga7 firefox-vi-68.1.0-1.mga7 firefox-xh-68.1.0-1.mga7 firefox-zh_CN-68.1.0-1.mga7 firefox-zh_TW-68.1.0-1.mga7 rootcerts-20190820.00-1.mga7 rootcerts-java-20190820.00-1.mga7 libnspr4-4.22-1.mga7 libnspr-devel-4.22-1.mga7 nss-3.46.0-1.mga7 nss-doc-3.46.0-1.mga7 libnss3-3.46.0-1.mga7 libnss-devel-3.46.0-1.mga7 libnss-static-devel-3.46.0-1.mga7 from SRPMS: firefox-68.1.0-1.mga7.src.rpm firefox-l10n-68.1.0-1.mga7.src.rpm rootcerts-20190820.00-1.mga7.src.rpm nspr-4.22-1.mga7.src.rpm nss-3.46.0-1.mga7.src.rpm Assignee:
nicolas.salguero =>
qa-bugs
Nicolas Salguero
2019-09-06 08:37:01 CEST
Blocks:
(none) =>
25396 MGA6-64 Plasma on Lenovo B50 Noticed while selecting packages that the lib64nspr and lib64nss3 had updates, ut not the 32-bit libnspr and libnss3. Firefox works OK on usual newspaper site with text, photos and video. I think the 64-bit is OK, but waiting to see if the 32-bit needs further mending. CC:
(none) =>
herman.viaene 64bit - plasma - firefox-en_GB-68.1.0-1.mga7.noarch - firefox-en_US-68.1.0-1.mga7.noarch - lib64nspr4-4.22-1.mga7.x86_64 - lib64nss3-3.46.0-1.mga7.x86_64 Ran it about an hour straight with videos, and major emails sites. Seems to be working Tested mga7-64 general browsing, jetstream for javascript, videos, all OK Whiteboard:
MGA6TOO =>
MGA6TOO, mga-7-64-ok Tested mga7-32 in a virtualbox guest machine, as in comment 27, all OK Whiteboard:
MGA6TOO, mga-7-64-ok =>
MGA6TOO, mga-7-64-ok mga7-32-ok
Thomas Andrews
2019-09-10 14:02:36 CEST
CC:
(none) =>
andrewsfarm Looks good here in MGA7 Plasma. Will try Mga6 later. Tested mga6-32 as above, Starting ff shows a page showing it's out of date, but I'm not sure there's anything we can do about that. Everything working as expected. Whiteboard:
MGA6TOO, MGA7-64-OK MGA7-32-OK =>
MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok Good for 64-bits in Mageia 6 Plasma on my Probook 6550b. Validating. Advisories in Comment 8 and Comment 9. Whiteboard:
MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok =>
MGA6TOO, MGA7-64-OK MGA7-32-OK mga6-32-ok MGA6-64-OK RedHat has issued an advisory for Firefox 60.9 today (September 11): https://access.redhat.com/errata/RHSA-2019:2729
Thomas Backlund
2019-09-12 17:37:47 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0267.html Resolution:
(none) =>
FIXED An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0268.html NSS 3.46 update in this bug also fixed CVE-2019-17006: https://usn.ubuntu.com/4231-1/ |