This repository was archived by the owner on Jun 2, 2024. It is now read-only.

@striezel striezel commented Aug 29, 2023

This vulnerability is also known as GHSA-96jv-r488-c2rj.

Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see https://rustsec.org/advisories/RUSTSEC-2023-0004.html or trifectatechfoundation/bzip2-rs#86.

Edit: @Plecra: You might want to merge #393 before this one to fix the build errors related to clippy and rustfmt.

Plecra commented Aug 30, 2023

Closing as duplicate of #335, where this was discussed :) I still welcome extra comments there if you think there's anything to add.

@Plecra Plecra closed this Aug 30, 2023
@striezel striezel deleted the bzip2-update branch September 1, 2023 03:55
striezel commented Sep 1, 2023

Ah, I see. Understandable.
