Advisory: GHSA-hcp2-x6j4-29j7 (CVE-2026-22705)
Claimed fixed version: ml-dsa==0.1.0-rc.2 (crates.io)
Correct first fixed version: 0.1.0-rc.3
git merge-base --is-ancestor 035d9eef9848 ml-dsa-v0.1.0-rc.2 returns false. The fix commit is not in the ancestry of the 0.1.0-rc.2 release tag. The 0.1.0-rc.2 crate ships ml-dsa/src/algebra.rs and ml-dsa/src/ntt.rs byte-identical to the pre-fix state (variable-time division on secret-derived data present).
Note: the RUSTSEC advisory (RUSTSEC-2025-0144) already has this correct with patched = [">= 0.1.0-rc.3"]. The GHSA advisory should be updated to match.
The advisory's fixed version should be corrected from 0.1.0-rc.2 to 0.1.0-rc.3.
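The two checks the report above relies on (is the fix commit in the tag's ancestry, and does the tag still ship the pre-fix files byte-identical), as an added shell example that is not part of the report. The repository, commits, tag names and file contents are constructed in a throwaway directory; the real fix commit 035d9eef9848 and the real ml-dsa history are not touched.

```shell
#!/bin/sh
# Added example: reproduces the two release-verification checks in the report
# on a constructed git history. Nothing here touches the real ml-dsa repository.

# Usage: fix_in_release REPO FIX_COMMIT TAG
# Prints "yes" and returns 0 when FIX_COMMIT is an ancestor of TAG, else "no" / 1.
fix_in_release() {
    if git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null; then
        echo yes
    else
        echo no; return 1
    fi
}

# Usage: still_vulnerable REPO FIX_COMMIT TAG FILE...
# Returns 0 when every FILE at TAG is byte-identical to its content in the
# fix commit's parent, i.e. the release still ships the pre-fix code.
still_vulnerable() {
    repo=$1; fix=$2; tag=$3; shift 3
    for f in "$@"; do
        # `git diff --quiet` exits 1 as soon as the two blobs differ
        git -C "$repo" diff --quiet "${fix}^" "$tag" -- "$f" || return 1
    done
    return 0
}

# Constructed history: vulnerable commit -> tag rc.2 -> fix commit -> tag rc.3.
# Sets DEMO_REPO and DEMO_FIX for the caller.
build_demo_repo() {
    DEMO_REPO=$(mktemp -d)
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    git -C "$DEMO_REPO" init -q
    mkdir -p "$DEMO_REPO/ml-dsa/src"
    # constructed placeholder content standing in for the variable-time division
    printf 'fn reduce(x: u32) -> u32 { x %% Q }\n' > "$DEMO_REPO/ml-dsa/src/algebra.rs"
    git -C "$DEMO_REPO" add . && git -C "$DEMO_REPO" commit -q -m "vulnerable state"
    git -C "$DEMO_REPO" tag ml-dsa-v0.1.0-rc.2
    printf 'fn reduce(x: u32) -> u32 { barrett(x) }\n' > "$DEMO_REPO/ml-dsa/src/algebra.rs"
    git -C "$DEMO_REPO" add . && git -C "$DEMO_REPO" commit -q -m "constant-time reduce"
    DEMO_FIX=$(git -C "$DEMO_REPO" rev-parse HEAD)
    git -C "$DEMO_REPO" tag ml-dsa-v0.1.0-rc.3
}

build_demo_repo
fix_in_release "$DEMO_REPO" "$DEMO_FIX" ml-dsa-v0.1.0-rc.2 || :   # prints no
fix_in_release "$DEMO_REPO" "$DEMO_FIX" ml-dsa-v0.1.0-rc.3        # prints yes
```

Run against a real checkout by replacing DEMO_REPO and DEMO_FIX with the clone path and the fix commit id; `still_vulnerable` takes the touched file paths as further arguments.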