Hi Arnout,

> Il giorno 2 mag 2022, alle ore 23:53, Arnout Vandecappelle <arnout@mind.be> ha scritto:
> 
> 
> 
>> On 01/05/2022 02:07, Giulio Benetti wrote:
>> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
> 
> Applied to master, thanks.
> 
> This isn't a security bump?

It seems not, Mozilla is not giving release notes since 6/8 months. So I’ve just checked and found this:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527

Where they state the CVE is present if NSS < 3.73 or < 3.68.1 and every website states the same.
So no this is not a security bump.
I will take care on next bumps to signal if it is a security bump or not.

Best regards
Giulio

> 
> Regards,
> Arnout
> 
>> ---
>>  package/libnss/libnss.hash | 4 ++--
>>  package/libnss/libnss.mk   | 2 +-
>>  2 files changed, 3 insertions(+), 3 deletions(-)
>> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
>> index 04e81e6b84..0c06495f5e 100644
>> --- a/package/libnss/libnss.hash
>> +++ b/package/libnss/libnss.hash
>> @@ -1,4 +1,4 @@
>> -# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_77_RTM/src/SHA256SUMS
>> -sha256  825edf5a2fd35b788a23ff80face591f82919ae3ad2b8f77d424a450d618dedd  nss-3.77.tar.gz
>> +# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_78_RTM/src/SHA256SUMS
>> +sha256  f455f341e787c1167328e80a84f77b9a557d595066dda6486a1874d72da68800  nss-3.78.tar.gz
>>  # Locally calculated
>>  sha256  a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4  nss/COPYING
>> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
>> index 7568ec67ed..540092dfcf 100644
>> --- a/package/libnss/libnss.mk
>> +++ b/package/libnss/libnss.mk
>> @@ -4,7 +4,7 @@
>>  #
>>  ################################################################################
>>  -LIBNSS_VERSION = 3.77
>> +LIBNSS_VERSION = 3.78
>>  LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
>>  LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
>>  LIBNSS_DISTDIR = dist
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot