zip-rs / zip-old

Zip implementation in Rust
MIT License

bump bzip2 to 0.4.4 to fix RUSTSEC-2023-0004 / CVE-2023-22895 #392

Closed striezel closed 1 year ago

striezel commented 1 year ago

This vulnerability is also known as GHSA-96jv-r488-c2rj.

Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see https://rustsec.org/advisories/RUSTSEC-2023-0004.html or https://github.com/alexcrichton/bzip2-rs/pull/86.

Edit: @Plecra: You might want to merge #393 before this one to fix the build errors related to clippy and rustfmt.
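A defender-side check that follows from the advisory above, added here as an example and not code from zip-rs or this PR: scan a Cargo.lock for any `bzip2` entry older than the 0.4.4 fix. The Cargo.lock excerpt is constructed sample data, not the project's own lock file.

```rust
// Added example, not part of zip-rs or this PR: flag bzip2 < 0.4.4 in a Cargo.lock.

/// Parse "MAJOR.MINOR.PATCH" into a tuple; pre-release/build tags are ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut p = core.split('.').map(|s| s.parse::<u64>().ok());
    Some((p.next()??, p.next()??, p.next()??))
}

/// Version of every `[[package]]` entry in `lock` whose name is `bzip2`.
fn bzip2_versions(lock: &str) -> Vec<String> {
    let mut found = Vec::new();
    for block in lock.split("[[package]]") {
        let (mut name, mut version) = (None, None);
        for line in block.lines().map(str::trim) {
            if let Some(v) = line.strip_prefix("name = ") {
                name = Some(v.trim_matches('"'));
            } else if let Some(v) = line.strip_prefix("version = ") {
                version = Some(v.trim_matches('"').to_string());
            }
        }
        if let (Some("bzip2"), Some(v)) = (name, version) {
            found.push(v);
        }
    }
    found
}

/// True if `version` is below the 0.4.4 fix; unparseable versions are flagged too.
fn is_affected(version: &str) -> bool {
    parse_version(version).map_or(true, |v| v < (0, 4, 4))
}

/// Constructed Cargo.lock excerpt (sample data, not from the zip-rs repository).
const SAMPLE_LOCK: &str = r#"[[package]]
name = "bzip2"
version = "0.4.3"

[[package]]
name = "zip"
version = "0.6.3"
"#;

fn main() {
    for v in bzip2_versions(SAMPLE_LOCK) {
        let status = if is_affected(&v) { "affected, bump to >= 0.4.4" } else { "ok" };
        println!("bzip2 {}: {}", v, status);
    }
}
```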

Plecra commented 1 year ago

Closing as duplicate of #335, where this was discussed :) I still welcome extra comments there if you think there's anything to add.

striezel commented 1 year ago

Ah, I see. Understandable.