nss: ignore CVE-2022-3479 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Peter Marko <peter.marko@siemens.com>	2023-06-02 11:18:20 +0200
committer	Khem Raj <raj.khem@gmail.com>	2023-06-04 22:29:45 -0700
commit	81c18e0797694d74198a737dac08a3e8f631cac9 (patch)
tree	4466662c7344f6fb1c370d4b0e4d481b4d675f80 /meta-python/recipes-devtools/python/python3-html2text
parent	110f60fff7af288490ac3734685a1422d2724a5c (diff)
download	meta-openembedded-81c18e0797694d74198a737dac08a3e8f631cac9.tar.gz

nss: ignore CVE-2022-3479

Investigation based on https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 leads to following: * fixed in 3.87 (https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9) * changed code was introduced in 3.77 (https://hg.mozilla.org/projects/nss/rev/be6a97823bfe10fa08e17c9584938a2d525a38da) * NVD claims fix in 3.81, but there is no evidence for it in commit history (https://hg.mozilla.org/projects/nss/graph/a7f363511333b8062945557607691002fd6e40b9) * Debian also says for old versions "nss <not-affected> (Vulnerable code not present/was introduced later)" (https://security-tracker.debian.org/tracker/CVE-2022-3479) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-html2text')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: