Closed alexcrichton closed 2 months ago
Seems plausible yeah, but what would that entail? (I'm not sure how to do that myself)
It's basically creating a PR to RustSec/advisory-db. More info on their website.
The idea is to basically copy the official openssl's advisories verbatim. The advantage of doing that is that there are automatic dependency scanners that check rustsec.
The reporter isn't required to be the owner of the crate, so I could also do it when time allows.
Ah ok I don't have the time to myself catalog all OpenSSL CVEs and manually mirror them, but if I can do something to help support someone else via this repo that seems reasonable to implement.
Hi @alexcrichton. Thanks for your work in this project.
Would you be opposed to mirroring the openssl CVEs to RUSTSEC by tagging this crate?