package/libnss: security bump to version 3.73

Fixes the following security issue: - CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures For more details, see the advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-12-02 22:33:46 +01:00 · 2021-12-02 22:33:46 +01:00 · a8e227ae60
commit a8e227ae60
parent ef98158a2d
2 changed files with 3 additions and 3 deletions
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@ -1,4 +1,4 @@
-# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_72_RTM/src/SHA256SUMS
-sha256  6ea60a9ff113e493ea2ab25f41ea75a9fbd10af7903f26f703dac8680732d02e  nss-3.72.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/src/SHA256SUMS
+sha256  566d3a68da9b10d7da9ef84eb4fe182f8f04e20d85c55d1bf360bb2c0096d8e5  nss-3.73.tar.gz
 # Locally calculated
 sha256  a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4  nss/COPYING
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBNSS_VERSION = 3.72
+LIBNSS_VERSION = 3.73
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
 LIBNSS_DISTDIR = dist