OSS-Fuzz is a Continuous Fuzzing for Open Source Software. When a bug is found, it is filed on bugs.chromium.org instead of the upstream's bugzilla. If the bug at $URL is public, that means that the issue has been fixed in the upstream git repository, so when upstream does not add anything useful in that place, you can: 1) Check the range date when ClusterFuzz has detected that the issue has been fixed and dig into upstream git repository; 2) Check if upstream made a new release after the issue has been fixed; 3) Get in touch with upstream. See $URL for more details about the issue. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
A bit of help on what version(s) this applies to would be great... it seems everythying released after March 16th should be good, which iirc is what our current stable targets are from bug 616032 and bug 616036, but there's no details on those URLs that i could see to confirm this...
This is https://nss-review.dev.mozaws.net/D251 (with commit https://nss-review.dev.mozaws.net/rNSS81a1d9f72ea5b08a95b837e9395e883ac8b9553c) aka https://bugzilla.mozilla.org/show_bug.cgi?id=1347499 This changeset isn't included in any nss version currently available in Gentoo repository.
Sorry for the inconvenience, this bug looks to be invalid.