RedHat has issued an advisory on September 21: https://rhn.redhat.com/errata/RHSA-2016-1912.html So far, we have been unable to get this to build in Cauldron. Once we're able to, there will be a rootcerts update (and nss rebuild) going with it.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Depends on: (none) => 19170
Updated packages uploaded for Mageia 5 and Cauldron. Advisory to come. Updated packages in core/updates_testing: ================ rootcerts-20160826.00-1.mga5 rootcerts-java-20160826.00-1.mga5 nss-3.26.0-1.1.mga5 nss-doc-3.26.0-1.1.mga5 libnss3-3.26.0-1.1.mga5 libnss-devel-3.26.0-1.1.mga5 libnss-static-devel-3.26.0-1.1.mga5 firefox-45.4.0-2.mga5 firefox-af-45.4.0-1.mga5 firefox-an-45.4.0-1.mga5 firefox-ar-45.4.0-1.mga5 firefox-as-45.4.0-1.mga5 firefox-ast-45.4.0-1.mga5 firefox-az-45.4.0-1.mga5 firefox-be-45.4.0-1.mga5 firefox-bg-45.4.0-1.mga5 firefox-bn_BD-45.4.0-1.mga5 firefox-bn_IN-45.4.0-1.mga5 firefox-br-45.4.0-1.mga5 firefox-bs-45.4.0-1.mga5 firefox-ca-45.4.0-1.mga5 firefox-cs-45.4.0-1.mga5 firefox-cy-45.4.0-1.mga5 firefox-da-45.4.0-1.mga5 firefox-de-45.4.0-1.mga5 firefox-devel-45.4.0-2.mga5 firefox-el-45.4.0-1.mga5 firefox-en_GB-45.4.0-1.mga5 firefox-en_US-45.4.0-1.mga5 firefox-en_ZA-45.4.0-1.mga5 firefox-eo-45.4.0-1.mga5 firefox-es_AR-45.4.0-1.mga5 firefox-es_CL-45.4.0-1.mga5 firefox-es_ES-45.4.0-1.mga5 firefox-es_MX-45.4.0-1.mga5 firefox-et-45.4.0-1.mga5 firefox-eu-45.4.0-1.mga5 firefox-fa-45.4.0-1.mga5 firefox-ff-45.4.0-1.mga5 firefox-fi-45.4.0-1.mga5 firefox-fr-45.4.0-1.mga5 firefox-fy_NL-45.4.0-1.mga5 firefox-ga_IE-45.4.0-1.mga5 firefox-gd-45.4.0-1.mga5 firefox-gl-45.4.0-1.mga5 firefox-gu_IN-45.4.0-1.mga5 firefox-he-45.4.0-1.mga5 firefox-hi_IN-45.4.0-1.mga5 firefox-hr-45.4.0-1.mga5 firefox-hsb-45.4.0-1.mga5 firefox-hu-45.4.0-1.mga5 firefox-hy_AM-45.4.0-1.mga5 firefox-id-45.4.0-1.mga5 firefox-is-45.4.0-1.mga5 firefox-it-45.4.0-1.mga5 firefox-ja-45.4.0-1.mga5 firefox-kk-45.4.0-1.mga5 firefox-km-45.4.0-1.mga5 firefox-kn-45.4.0-1.mga5 firefox-ko-45.4.0-1.mga5 firefox-lij-45.4.0-1.mga5 firefox-lt-45.4.0-1.mga5 firefox-lv-45.4.0-1.mga5 firefox-mai-45.4.0-1.mga5 firefox-mk-45.4.0-1.mga5 firefox-ml-45.4.0-1.mga5 firefox-mr-45.4.0-1.mga5 firefox-ms-45.4.0-1.mga5 firefox-nb_NO-45.4.0-1.mga5 firefox-nl-45.4.0-1.mga5 firefox-nn_NO-45.4.0-1.mga5 firefox-or-45.4.0-1.mga5 firefox-pa_IN-45.4.0-1.mga5 firefox-pl-45.4.0-1.mga5 firefox-pt_BR-45.4.0-1.mga5 firefox-pt_PT-45.4.0-1.mga5 firefox-ro-45.4.0-1.mga5 firefox-ru-45.4.0-1.mga5 firefox-si-45.4.0-1.mga5 firefox-sk-45.4.0-1.mga5 firefox-sl-45.4.0-1.mga5 firefox-sq-45.4.0-1.mga5 firefox-sr-45.4.0-1.mga5 firefox-sv_SE-45.4.0-1.mga5 firefox-ta-45.4.0-1.mga5 firefox-te-45.4.0-1.mga5 firefox-th-45.4.0-1.mga5 firefox-tr-45.4.0-1.mga5 firefox-uk-45.4.0-1.mga5 firefox-uz-45.4.0-1.mga5 firefox-vi-45.4.0-1.mga5 firefox-xh-45.4.0-1.mga5 firefox-zh_CN-45.4.0-1.mga5 firefox-zh_TW-45.4.0-1.mga5 from SRPMS: rootcerts-20160826.00-1.mga5.src.rpm nss-3.26.0-1.1.mga5.src.rpm firefox-45.4.0-2.mga5.src.rpm firefox-l10n-45.4.0-1.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
Advisory: ================ Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284 https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://rhn.redhat.com/errata/RHSA-2016-1912.html
Testing M5 x64 real hardware. firefox-45.4.0-2.mga5 firefox-cy-45.4.0-1.mga5 firefox-fr-45.4.0-1.mga5 firefox-en_GB-45.4.0-1.mga5 nss-3.26.0-1.1.mga5 rootcerts-java-20160826.00-1.mga5 rootcerts-20160826.00-1.mga5 With a mixture of usage including Bugzilla, BBC, videos, sound, all looks OK. Better to have more confirmation before OK'ing this, though.
CC: (none) => lewyssmith
Tested general browsing, javascript (jetstream), Java and flash plugins, acid3, all OK.
CC: (none) => wrw105Whiteboard: (none) => has_procedure mga5-64-ok
All looks OK on x64 HP Probook 6550b.
CC: (none) => andrewsfarm
Looks good in both 32 and 64 bit on AMD processor and nvidia video. Tried several websites, all OK.
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok mga5-32-ok
Tested with 32 bit VM on AMD hardware and AMI video. No issues.
CC: (none) => brtians1
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-64-ok mga5-32-ok => has_procedure mga5-64-ok mga5-32-ok advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0329.html
Status: NEW => RESOLVEDResolution: (none) => FIXED