Commit 0cb6006

bump bzip2 to 0.4.4 to fix RUSTSEC-2023-0004 / CVE-2023-22895
This vulnerability is also known as GHSA-96jv-r488-c2rj. Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see <https://rustsec.org/advisories/RUSTSEC-2023-0004.html> or <trifectatechfoundation/bzip2-rs#86>.
1 parent 21a2058 commit 0cb6006

1 file changed: +1 -1 lines changed

Cargo.toml

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ rust-version = "1.59.0"
1414
[dependencies]
1515
aes = { version = "0.8.2", optional = true }
1616
byteorder = "1.4.3"
17-
bzip2 = { version = "0.4.3", optional = true }
17+
bzip2 = { version = "0.4.4", optional = true }
1818
constant_time_eq = { version = "0.1.5", optional = true }
1919
crc32fast = "1.3.2"
2020
flate2 = { version = "1.0.23", default-features = false, optional = true }
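Review bot: on the `bzip2` line, only Cargo.toml is touched, so if this repository commits a Cargo.lock it should be regenerated in the same commit; otherwise a build run with `--locked` will fail against a lockfile still recording 0.4.3. Note also that `version = "0.4.3"` is a caret requirement that already admitted 0.4.4, so what this change actually does is raise the floor so that no resolver (including a downstream project's existing lockfile or a minimal-versions build) can select the affected 0.4.3. A changelog entry stating that the minimum bzip2 version is now 0.4.4 would let dependents know they need `cargo update -p bzip2` to pick up the fix.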
