Re: [oe] [dunfel 03/32] jsoncpp: upgrade 1.9.2 -> 1.9.3

On 7/13/20 8:46 AM, Khem Raj wrote: > On Mon, Jul 13, 2020 at 1:25 AM wrote: >> Hi, >> >> On Sun, Jul 12, 2020 at 11:41:58AM -0700, akuster wrote: >>> >>> On 7/10/20 12:37 AM, mikko.rap...@bmw.de wrote: Hi, jsoncpp seems to have messy ABI history so I would not update even minor

[oe] [meta-oe][dunfell][PATCH 1/1] nss: Fix CVE-2020-12399

Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firef