Skip to content
This repository has been archived by the owner on Sep 4, 2024. It is now read-only.

Commit

Permalink
CI: ignore RUSTSEC-2022-0093 and RUSTSEC-2023-0052 (iqlusioninc#763)
Browse files Browse the repository at this point in the history 
Adds the following advisories to the `ignore` section of
`.cargo/audit.toml`:

- RUSTSEC-2022-0093: ed25519-dalek: double public key oracle attack
- RUSTSEC-2023-0052: webpki: potential DoS in certificate path building

Also removes RUSTSEC-2020-0071 which was fixed via transitive
dependencies.
  • Loading branch information
@tony-iqlusion
tony-iqlusion authored Oct 9, 2023
1 parent b65af58 commit 8200b53
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .cargo/audit.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
ignore = [
"RUSTSEC-2019-0036", # failure: type confusion if __private_get_type_id__ is overridden
"RUSTSEC-2020-0036", # failure is officially deprecated/unmaintained
"RUSTSEC-2020-0071", # time: potential segfault in `localtime_r` invocations
"RUSTSEC-2022-0093", # ed25519-dalek: double public key signing function oracle attack
"RUSTSEC-2023-0033", # borsh: parsing borsh messages with ZST which are not-copy/clone is unsound
"RUSTSEC-2023-0052", # webpki: CPU denial of service in certificate path building
]

0 comments on commit 8200b53

Please sign in to comment.