RUSTSEC-2020-0146: arr! macro erases lifetimes

IronCoreLabs / ironoxide

Rust SDK for IronCore Privacy Platform

https://docs.rs/ironoxide

GNU Affero General Public License v3.0

10 stars 3 forks source link

RUSTSEC-2020-0146: arr! macro erases lifetimes #228

Closed github-actions[bot] closed 3 years ago

github-actions[bot] commented 3 years ago

arr! macro erases lifetimes

Details
Package	`generic-array`
Version	`0.12.3`
URL	https://github.com/fizyk20/generic-array/issues/98
Date	2020-04-09
Patched versions	`>=0.14.0`
Unaffected versions	`<0.8.0`

Affected versions of this crate allowed unsoundly extending lifetimes using arr! macro. This may result in a variety of memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.

giarc3 commented 3 years ago

This comes from an outdated sha2 in our ironcore-search-helpers

giarc3 commented 3 years ago

ironoxide will now pull the patched version (0.12.4), so there's nothing more we have to do