There is currently a critical vulnerability in libzmq with curve authentication for all versions from 4.0.0 and upwards. Since rust-zmq lib allows users to build from source from the zeromq-src crate, this library is affected.
However, this vulnerability has been fixed in 4.3.2 that was just released. So I will yank version 0.1.6 of the zeromq-src crate, then release libzmq 4.3.2 in 0.1.7, and then provide a PR to fix this issue.
There is currently a critical vulnerability in libzmq with curve authentication for all versions from 4.0.0 and upwards. Since
rust-zmq
lib allows users to build from source from thezeromq-src
crate, this library is affected.However, this vulnerability has been fixed in 4.3.2 that was just released. So I will yank version
0.1.6
of thezeromq-src
crate, then release libzmq 4.3.2 in0.1.7
, and then provide a PR to fix this issue.See https://github.com/jean-airoldie/zeromq-src-rs/issues/10 and https://github.com/zeromq/libzmq/issues/3558.