Add advisory for sequoia-openpgp #1696

nwalfield · 2023-05-19T18:27:16Z

Attacker-controlled input can lead to an out-of-bounds index, which causes sequoia-openpgp to panic. This has been fixed in versions 1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.

crates/sequoia-openpgp/RUSTSEC-0000-0000.md

Attacker-controlled input can lead to an out-of-bounds index, which causes sequoia-openpgp to panic. This has been fixed in versions 1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.

amousset · 2023-05-31T20:55:34Z

Thanks for your report!

nwalfield force-pushed the sequoia-openpgp branch from 1bbca59 to 2af766a Compare May 19, 2023 18:34

amousset requested changes May 28, 2023

View reviewed changes

crates/sequoia-openpgp/RUSTSEC-0000-0000.md Outdated Show resolved Hide resolved

crates/sequoia-openpgp/RUSTSEC-0000-0000.md Outdated Show resolved Hide resolved

crates/sequoia-openpgp/RUSTSEC-0000-0000.md Outdated Show resolved Hide resolved

Add advisory for sequoia-openpgp

eaa1f6c

Attacker-controlled input can lead to an out-of-bounds index, which causes sequoia-openpgp to panic. This has been fixed in versions 1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.

nwalfield force-pushed the sequoia-openpgp branch from 2af766a to eaa1f6c Compare May 31, 2023 08:43

amousset approved these changes May 31, 2023

View reviewed changes

amousset merged commit ee9ec5f into rustsec:main May 31, 2023

nwalfield deleted the sequoia-openpgp branch May 31, 2023 21:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add advisory for sequoia-openpgp #1696

Add advisory for sequoia-openpgp #1696

nwalfield commented May 19, 2023

amousset commented May 31, 2023

Add advisory for sequoia-openpgp #1696

Add advisory for sequoia-openpgp #1696

Conversation

nwalfield commented May 19, 2023

amousset commented May 31, 2023