search

aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management
Apache License 2.0
121 stars 81 forks source link

Rust refresh to address CVE-2022-31394 #442

Closed olafhering closed 1 year ago

olafhering commented 1 year ago

SUSE Security has requested an update to address CVE-2022-31394. Please take the time to adjust Cargo.lock and upgrade at least hyper.

Thank you.

petreeftime commented 1 year ago

pending checks in https://github.com/aws/aws-nitro-enclaves-cli/pull/444

petreeftime commented 1 year ago

I cut the new release here: https://github.com/aws/aws-nitro-enclaves-cli/releases/tag/v1.2.2

petreeftime commented 1 year ago

Just for completeness, the HTTP2 feature was not enabled on the hyper crate, so the package is not affected by the CVE even on 1.2.1 release.

petreeftime commented 1 year ago

The update for this issue is now available for Amazon Linux 2 and Amazon Linux 2023.