atm0s-media-server
atm0s-media-server copied to clipboard
8xFF
chore(deps): update rust crate openssl to v0.10.72 [security]
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| openssl | workspace.dependencies | patch | 0.10.71 -> 0.10.72 |
GitHub Vulnerability Alerts
GHSA-4fcv-w3qc-ppgg
When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.
Release Notes
sfackler/rust-openssl (openssl)
v0.10.72
What's Changed
- make set_rsa_oaep_md visible to boringssl config by @frncs-rss in #2372
- Fix typo in openssl-sys build script by @rushilmehra in #2375
- Unify the two BoringSSL codepaths a bit and simplify init by @davidben in #2377
- pkey_ctx: Fix link to the corresponding OpenSSL function by @Jakuje in #2378
- fix test on MSRV by @alex in #2383
- Add support for AWS-LC to openssl and openssl-sys crates by @skmcgrail in #1805
- Enable additional capabilities for AWS-LC by @skmcgrail in #2386
- Use --experimental with bindgen-cli with aws-lc build by @skmcgrail in #2389
- Fixed two UAFs and bumped versions for release by @alex in #2390
New Contributors
- @Jakuje made their first contribution in #2378
- @skmcgrail made their first contribution in #1805
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}