-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2023-26964 question #279
Comments
Thanks for pointing this out! |
Whoops, didnt mean to close it |
New release is finished 👍 |
Thanks for the update! When updating the openSUSE package I got the following error during building though:
|
Hmm, current |
Rust 1.71 |
Also builds for me with 1.71 |
I do believe that is because you did 9a6599b after tagging the release. Thus it still prints the 1.3.1 version.
I'm using the tarball from here https://github.com/Hyde46/hoard/releases/tag/v1.3.2 I took the changes on master from https://github.com/Hyde46/hoard/compare/v1.3.2...main.patch and added them in a patch. Resulting in the correct version printed in But the error still stays. I'll upload the full build log in a second in case that helps. |
I tried the 1.4.0 release and now get only:
Full build log: https://build.opensuse.org/build/utilities/openSUSE_Factory/x86_64/hoard/_log |
Finally could replicate the issue and could fix it. Thanks for the build logs! |
Should hopefully be okay with release 1.4.2 now |
That did the trick :) |
I'm not very familiar with Rust so I would like to ask this question.
I saw there is https://nvd.nist.gov/vuln/detail/CVE-2023-26964 and GHSA-f8vr-r385-rh5r sais that h2 < 0.3.17 is affected.
Does that mean that hoard is affected?
The text was updated successfully, but these errors were encountered: