Patch `rsa` crate as soon as fix is available

risingwavelabs / risingwave

Best-in-class stream processing, analytics, and management. Perform continuous analytics, or build event-driven applications, real-time ETL pipelines, and feature stores in minutes. Unified streaming and batch. PostgreSQL compatible.

https://go.risingwave.com/slack

Apache License 2.0

7.03k stars 577 forks source link

Patch `rsa` crate as soon as fix is available #13703

Open kwannoel opened 11 months ago

kwannoel commented 11 months ago

click to check if fix is avail: https://rustsec.org/advisories/RUSTSEC-2023-0071

Crate:     rsa
Version:   0.9.2
Title:     Marvin Attack: potential key recovery through timing sidechannels
Date:      2023-11-22
ID:        RUSTSEC-2023-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0071
Severity:  7.4 (high)
Solution:  No fixed upgrade is available!
Dependency tree:

kwannoel commented 10 months ago

No patch yet.

kwannoel commented 7 months ago

No patch yet.

kwannoel commented 3 months ago

No patch

kwannoel commented 3 months ago

https://github.com/RustCrypto/RSA/pull/394 This is where the work is being done.