RUSTSEC-2023-0022: `openssl` `X509NameBuilder::build` returned object is not thread safe

cortex / ripasso

A simple password manager written in Rust

GNU General Public License v3.0

729 stars 64 forks source link

RUSTSEC-2023-0022: `openssl` `X509NameBuilder::build` returned object is not thread safe #296

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Details
Package	`openssl`
Version	`0.10.46`
URL	https://github.com/sfackler/rust-openssl/pull/1854
Patched Versions	>=0.10.48

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.