CVE-2023-5363 in Version 0.9.x of openssl-sys #2323
Comments
|
This is a vulnerability in OpenSSL itself, not this crate. I don't know
what's wrong with Sonatype's metadata.
…On Fri, Oct 25, 2024 at 2:44 AM Günther Grill ***@***.***> wrote:
Hi,
it seems like that version 0.9.x of openssl-sys (I can tell that all
versions of 0.9.x up to the latest 0.9.104 is in the list, but you need to
register to see this information) if affected by the vulnerability
classified as high
https://ossindex.sonatype.org/vulnerability/CVE-2023-5363?component-type=cargo&component-name=openssl-sys
I don't know if this is something which can be fixed in 0.9, but it seems
no version of 0.10 if affected.
Are there any plans to upgrade openssl to from openssl-sys:0.9.x to
openssl-sys:0.10.x?
—
Reply to this email directly, view it on GitHub
<#2323>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBFZQBMW7XFTIVS6JILZ5HSELAVCNFSM6AAAAABQSS2A3WVHI2DSMVQWIX3LMV43ASLTON2WKOZSGYYTGMRTGQ3DINA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
it seems like that version 0.9.x of openssl-sys (I can tell that all versions of 0.9.x up to the latest 0.9.104 is in the list, but you need to register to see this information) if affected by the vulnerability classified as high https://ossindex.sonatype.org/vulnerability/CVE-2023-5363?component-type=cargo&component-name=openssl-sys
I don't know if this is something which can be fixed in 0.9, but it seems no version of 0.10 if affected.
Are there any plans to upgrade openssl to from openssl-sys:0.9.x to openssl-sys:0.10.x?
The text was updated successfully, but these errors were encountered: