From the 3.76.1 release notes: "": This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. """ Please bump to 3.76.1.
Oops, already in tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d157cf9c7ecb644ca59c667e9b6a6e20c5a2200 commit 6d157cf9c7ecb644ca59c667e9b6a6e20c5a2200 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2022-03-30 04:56:41 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-03-30 04:56:41 +0000 dev-libs/nss: drop 3.75-r1, 3.76-r1 (security cleanup p1) Bug: https://bugs.gentoo.org/836386 Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-libs/nss/Manifest | 2 - dev-libs/nss/nss-3.75-r1.ebuild | 361 ---------------------------------------- dev-libs/nss/nss-3.76-r1.ebuild | 361 ---------------------------------------- 3 files changed, 724 deletions(-)
please bump to 3.68.3 too, it has the same fix backported according to the changelogs
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0d5c3a907c56c8ab278f57a6261e8ea875f15e7 commit e0d5c3a907c56c8ab278f57a6261e8ea875f15e7 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2022-04-02 05:29:01 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-04-02 05:30:43 +0000 dev-libs/nss: add 3.68.3 Bug: https://bugs.gentoo.org/836386 Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-libs/nss/Manifest | 1 + dev-libs/nss/nss-3.68.3.ebuild | 362 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 363 insertions(+)
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35b2d5cf4c16277977814b89becd779d20f84726 commit 35b2d5cf4c16277977814b89becd779d20f84726 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2022-04-10 12:58:00 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-04-10 12:58:00 +0000 dev-libs/nss: drop 3.68.2-r1 Bug: https://bugs.gentoo.org/836386 Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-libs/nss/Manifest | 1 - dev-libs/nss/nss-3.68.2-r1.ebuild | 361 -------------------------------------- 2 files changed, 362 deletions(-)