release: prepare v0.33.1
#1345
release: prepare v0.33.1
#1345
Security advisories found
2 advisories, 1 unmaintained
Details
Vulnerabilities
RUSTSEC-2023-0052
webpki: CPU denial of service in certificate path building
| Details | |
|---|---|
| Package | webpki |
| Version | 0.21.4 |
| Date | 2023-08-22 |
When this crate is given a pathological certificate chain to validate, it will
spend CPU time exponential with the number of candidate certificates at each
step of path building.
Both TLS clients and TLS servers that accept client certificate are affected.
This was previously reported in
<briansmith/webpki#69> and re-reported recently
by Luke Malinowski.
rustls-webpki is a fork of this crate which contains a fix for this issue
and is actively maintained.
RUSTSEC-2023-0052
webpki: CPU denial of service in certificate path building
| Details | |
|---|---|
| Package | webpki |
| Version | 0.22.0 |
| Date | 2023-08-22 |
When this crate is given a pathological certificate chain to validate, it will
spend CPU time exponential with the number of candidate certificates at each
step of path building.
Both TLS clients and TLS servers that accept client certificate are affected.
This was previously reported in
<briansmith/webpki#69> and re-reported recently
by Luke Malinowski.
rustls-webpki is a fork of this crate which contains a fix for this issue
and is actively maintained.
Warnings
RUSTSEC-2021-0127
serde_cbor is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | serde_cbor |
| Version | 0.11.2 |
| URL | https://github.com/pyfisch/cbor |
| Date | 2021-08-15 |
The serde_cbor crate is unmaintained. The author has archived the github repository.
Alternatives proposed by the author: