tokio-rs / tls

A collection of Tokio based TLS libraries.
https://tokio.rs
MIT License

Several RUSTSEC vulnerabilities in openssl #140

Closed tdmb closed 1 year ago

tdmb commented 1 year ago

A cargo audit reveals the following vulnerabilities for the latest tokio-native-tls 0.3.0.

I've opened an issue on native-tls which will need to be resolved first - see https://github.com/sfackler/rust-native-tls/issues/257

Dependency tree:
openssl 0.10.45
└── native-tls 0.2.11
    ├── tokio-native-tls 0.3.0

Crate:     openssl
Version:   0.10.45
Title:     openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read
Date:      2023-03-24
ID:        RUSTSEC-2023-0023
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0023
Solution:  Upgrade to >=0.10.48

Crate:     openssl
Version:   0.10.45
Title:     openssl X509NameBuilder::build returned object is not thread safe
Date:      2023-03-24
ID:        RUSTSEC-2023-0022
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0022
Solution:  Upgrade to >=0.10.48

Crate:     openssl
Version:   0.10.45
Title:     openssl X509Extension::new and X509Extension::new_nid null pointer dereference
Date:      2023-03-24
ID:        RUSTSEC-2023-0024
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0024
Solution:  Upgrade to >=0.10.48
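A small checker for the audit report format quoted in this issue, added here as an example and not code from tokio-tls, native-tls or cargo-audit: it parses each blank-line-separated advisory record into fields and flags every one whose audited version is still below the version named in its `Solution` line. The report text is constructed from the issue's own values, and only plain dotted numeric versions are assumed.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the text layout cargo audit prints; the values
# are the ones from the issue (two of its three openssl advisories).
SAMPLE_REPORT = """\
Crate:     openssl
Version:   0.10.45
Title:     openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read
Date:      2023-03-24
ID:        RUSTSEC-2023-0023
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0023
Solution:  Upgrade to >=0.10.48

Crate:     openssl
Version:   0.10.45
Title:     openssl X509NameBuilder::build returned object is not thread safe
Date:      2023-03-24
ID:        RUSTSEC-2023-0022
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0022
Solution:  Upgrade to >=0.10.48
"""

class Advisory(NamedTuple):
    crate: str
    version: str
    advisory_id: str
    fixed: Optional[str]  # lowest fixed version from "Upgrade to >=X", if any

def parse_version(v: str) -> tuple:
    # Plain dotted numeric versions only (assumption); pre-release tags are not handled.
    return tuple(int(p) for p in v.split("."))

def parse_report(text: str) -> list:
    """Split the report into blank-line-separated records, one Advisory per record."""
    advisories = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first ':' only, so URLs and '::' survive
            fields[key.strip()] = value.strip()
        m = re.search(r">=\s*(\d+(?:\.\d+)*)", fields.get("Solution", ""))
        advisories.append(Advisory(fields["Crate"], fields["Version"],
                                   fields["ID"], m.group(1) if m else None))
    return advisories

def needs_upgrade(adv: Advisory) -> bool:
    """Still vulnerable: no fix published, or the audited version is below the fixed one."""
    return adv.fixed is None or parse_version(adv.version) < parse_version(adv.fixed)
```

Feeding the real `cargo audit` text output through `parse_report` and keeping the highest `fixed` value per crate gives the minimum version bump to request downstream, here openssl 0.10.48.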

cpu commented 1 year ago

Based on the response from @sfackler on https://github.com/sfackler/rust-native-tls/issues/257 I suspect this issue can be closed.