Soundness issues for `futures-intrusive`

Open jonasbb opened this issue 3 years ago • 4 comments

I stumbled over two soundness issues of futures-intrusive which are currently unfixed.

  • [ ] https://github.com/Matthias247/futures-intrusive/issues/42
  • [ ] https://github.com/Matthias247/futures-intrusive/issues/56

jonasbb, Feb 03 '22 08:02

@Matthias247 would you want / prefer for us to file any advisories on any of these soundness issues potentially?

Reading from the responses, "it shouldn't have caused any issues in practice" seems to indicate some disagreement re: whether there is / are any issue/s we should file any advisories on?

@alexmoon I notice you may have fixed something - do you have any opinion either way? Thanks

If there are any proven soundness issues we should file an advisory on

Then an actionable fix should be there, e.g. a new crates.io release, if any, to point any users to potentially.

Also -

We don't have any actionable advisory here atm in the form of a pull request yet.

Cheers

pinkforest, Aug 13 '22 13:08

I also pinged about maintenance status here: https://github.com/Matthias247/futures-intrusive/issues/65

This crate has 2,304,739 downloads with ~8k downloads a day - last release was a year ago with open questions re: soundness.

pinkforest, Aug 14 '22 07:08