dep: upgrade openssl to 0.10.55 to fix cve warnings
error[vulnerability]: `openssl` `X509VerifyParamRef::set_host` buffer over-read
    ┌─ /github/workspace/Cargo.lock:122:1
    │
122 │ openssl 0.10.48 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2023-0044
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0044
    = When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
    = Announcement: sfackler/rust-openssl#1965
    = Solution: Upgrade to >=0.10.55

Signed-off-by: Jiang Liu <[email protected]>
jiangliu committed Jun 21, 2023
1 parent 6e1e6c0 commit 6c75349
Showing 2 changed files with 5 additions and 6 deletions.
9 changes: 4 additions & 5 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -52,7 +52,7 @@ tar = "0.4.38"
tokio = { version = "1.24", features = ["macros"] }

# Build static linked openssl library
openssl = { version = "0.10.48", features = ["vendored"] }
openssl = { version = "0.10.55", features = ["vendored"] }
# pin openssl-src to bring in fix for https://rustsec.org/advisories/RUSTSEC-2022-0032
#openssl-src = { version = "111.22" }

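Review bot: The two comment lines kept directly below the bumped `openssl` entry (`# pin openssl-src to bring in fix for ... RUSTSEC-2022-0032` and `#openssl-src = { version = "111.22" }`) describe a pin that is not in effect, so a reader cannot tell whether RUSTSEC-2022-0032 is still being handled for the `vendored` build. Either delete them or reword the comment to say the pin is no longer needed and why. Separately, `"0.10.48"` is a caret requirement that already admits 0.10.55, so the version actually built is decided by Cargo.lock, whose diff is not rendered on this page; confirm the lock entry for `openssl` reads 0.10.55, and consider a short comment naming RUSTSEC-2023-0044 as the reason for the new floor, in the style of the existing comment.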
