nss had a vulnerability reported with a CVSS score of 9.8 (https://access.redhat.com/security/cve/CVE-2021-43527).
I can see that there is a x86_64 package for nss that fixes this vulnerability (nss-3.67.0-4.el7_9.x86_64)
Code: Select all
rpm -q nss --changelog |head -n 10
* Thu Nov 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
- fix CVE-2021-43527
Looking through the centos forums, I have not been able to figure out why this package is missing for aarch64.
Does someone know why this package with high vulnerability has not been updated for centos-7.9?
Thanks for your guidance.