Closed striezel closed 1 year ago
This vulnerability is also known as GHSA-96jv-r488-c2rj.
Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see https://rustsec.org/advisories/RUSTSEC-2023-0004.html or https://github.com/alexcrichton/bzip2-rs/pull/86.
bzip2
Edit: @Plecra: You might want to merge #393 before this one to fix the build errors related to clippy and rustfmt.
clippy
rustfmt
closing as duplicate of #335, where this was discussed :) I still welcome extra comments there if you think there's anything to add.
Ah, I see. Understandable.
This vulnerability is also known as GHSA-96jv-r488-c2rj.
Versions of the
bzip2
crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see https://rustsec.org/advisories/RUSTSEC-2023-0004.html or https://github.com/alexcrichton/bzip2-rs/pull/86.Edit: @Plecra: You might want to merge #393 before this one to fix the build errors related to
clippy
andrustfmt
.