Closed tdmb closed 1 year ago
A cargo audit reveals the following vulnerabilities for the latest native-tls 0.2.11
Dependency tree: openssl 0.10.45 └── native-tls 0.2.11
Crate: openssl Version: 0.10.45 Title: openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read Date: 2023-03-24 ID: RUSTSEC-2023-0023 URL: https://rustsec.org/advisories/RUSTSEC-2023-0023 Solution: Upgrade to >=0.10.48
openssl
SubjectAlternativeName
ExtendedKeyUsage::other
Crate: openssl Version: 0.10.45 Title: openssl X509NameBuilder::build returned object is not thread safe Date: 2023-03-24 ID: RUSTSEC-2023-0022 URL: https://rustsec.org/advisories/RUSTSEC-2023-0022 Solution: Upgrade to >=0.10.48
X509NameBuilder::build
Crate: openssl Version: 0.10.45 Title: openssl X509Extension::new and X509Extension::new_nid null pointer dereference Date: 2023-03-24 ID: RUSTSEC-2023-0024 URL: https://rustsec.org/advisories/RUSTSEC-2023-0024 Solution: Upgrade to >=0.10.48
X509Extension::new
X509Extension::new_nid
Run cargo update.
cargo update
sfackler
commented
1 year ago sfackler
commented
1 year ago
A cargo audit reveals the following vulnerabilities for the latest native-tls 0.2.11
Dependency tree: openssl 0.10.45 └── native-tls 0.2.11
Crate: openssl Version: 0.10.45 Title:
opensslSubjectAlternativeNameandExtendedKeyUsage::otherallow arbitrary file read Date: 2023-03-24 ID: RUSTSEC-2023-0023 URL: https://rustsec.org/advisories/RUSTSEC-2023-0023 Solution: Upgrade to >=0.10.48Crate: openssl Version: 0.10.45 Title:
opensslX509NameBuilder::buildreturned object is not thread safe Date: 2023-03-24 ID: RUSTSEC-2023-0022 URL: https://rustsec.org/advisories/RUSTSEC-2023-0022 Solution: Upgrade to >=0.10.48Crate: openssl Version: 0.10.45 Title:
opensslX509Extension::newandX509Extension::new_nidnull pointer dereference Date: 2023-03-24 ID: RUSTSEC-2023-0024 URL: https://rustsec.org/advisories/RUSTSEC-2023-0024 Solution: Upgrade to >=0.10.48