advisory-db

ppv-lite86 appears unsound

Open gendx opened this issue 1 year ago • 2 comments

There has been a pull request open for almost a year on ppv-lite86 to fix unsoundness: https://github.com/cryptocorrosion/cryptocorrosion/pull/72. I didn't see activity on the repository since November 2022, so this doesn't look like it will be addressed any time soon.

Note that this is depended on by 14k crates, as it is a direct dependency of the rand_chacha crate.

gendx, Jun 25 '24 08:06

You might mention this issue on that thread as a heads up, i.e. "There's an open issue to file a security advisory for this"

tarcieri, Jun 25 '24 17:06

> You might mention this issue on that thread as a heads up, i.e. "There's an open issue to file a security advisory for this"

Done.

gendx, Jun 27 '24 08:06