Taylor Hornby
**Changelogs**

OpenSSL (upgrading from 1.1.0h to 1.1.1a):
- [1.1.0h to 1.1.0i](https://www.openssl.org/news/changelog.html#x3)
- [1.1.0i to 1.1.1](https://www.openssl.org/news/changelog.html#x2)

Rust (upgrading from 1.28.0 to 1.32.0):
- [RELEASES.md](https://github.com/rust-lang/rust/blob/master/RELEASES.md)

Boost (upgrading from 1.66.0 to 1.69.0):
-...
No vulnerabilities relevant to us were noted as fixed in the OpenSSL changelogs (just some side-channel attack defenses were added or improved). Some of the items caught my eye as...
Security fixes in the rust update:

- The standard library's `str::repeat` function contained an out of bounds write caused by an integer overflow. This has been fixed by deterministically panicking...
A list of all Boost "breaking changes":

- (In Atomic) Breaking change: Changed the result of the (op)_and_test operations added in Boost 1.66 to the opposite - the functions now...
Reminder: need to upload the new versions of things to `https://z.cash/depends-sources/`.
~~Updating proton is blocking on #3816.~~ Yay I got the build working with the latest proton! I just have to review the changelogs and then redo the patching in https://github.com/zcash/zcash/pull/2280...
The combined changelog for the Proton update is huge. Here are the potentially-security-relevant bugs that were fixed:

- [heap-buffer-overflow in pn_decoder_readf32 when invoking pn_message_decode](https://issues.apache.org/jira/browse/PROTON-1359)
- [pn_ssl_get_{protocol|cypher}_name() may segfault when called...
We also use v1.1 of LevelDB. The [most recent release is v1.20](https://github.com/google/leveldb/releases).
I quickly looked through the CVEs listed at https://security-tracker.debian.org/tracker/source-package/openssl1.0 and I don't think we're affected by any. It's just side-channels, stuff in TLS, and a math bug: "There is a...
```
NAME                  STATUS       CURRENT VERSION  NEWER VERSIONS
packages              skipped
librustzcash          skipped
crate_blake2_rfc      skipped
crate_sapling_crypto  skipped
crate_zip32           skipped
bdb                   OUT OF DATE  6.2.23           ['6.2.38', '18.1.32']
boost                 up to date   1.69.0
googletest...
```