This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

bump bzip2 to 0.4.4 to fix RUSTSEC-2023-0004 / CVE-2023-22895 #392

Closed
wants to merge 1 commit into from

Conversation

striezel
Contributor

@striezel striezel commented Aug 29, 2023

This vulnerability is also known as GHSA-96jv-r488-c2rj.

Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see https://rustsec.org/advisories/RUSTSEC-2023-0004.html or alexcrichton/bzip2-rs#86.

Edit: @Plecra: You might want to merge #393 before this one to fix the build errors related to clippy and rustfmt.

This vulnerability is also known as GHSA-96jv-r488-c2rj.
Versions of the bzip2 crate before 0.4.4 contain a Denial of
Service vulnerability that could cause the compression and / or
decompression to run into an infinite loop. For more details see
<https://rustsec.org/advisories/RUSTSEC-2023-0004.html> or
<alexcrichton/bzip2-rs#86>.
@Plecra
Member

Plecra commented Aug 30, 2023

closing as duplicate of #335, where this was discussed :) I still welcome extra comments there if you think there's anything to add.

@Plecra Plecra closed this Aug 30, 2023
@striezel striezel deleted the bzip2-update branch September 1, 2023 03:55
@striezel
Contributor Author

striezel commented Sep 1, 2023

Ah, I see. Understandable.
