Skip to content

React to RUSTSEC-2022-0093 #724

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MOZGIII merged 3 commits into from
Aug 15, 2023
Merged

React to RUSTSEC-2022-0093 #724

MOZGIII merged 3 commits into from
Aug 15, 2023

Conversation

@MOZGIII
Copy link
Contributor

@MOZGIII MOZGIII commented Aug 15, 2023

No description provided.

MOZGIII added 2 commits August 14, 2023 22:46
@MOZGIII
Bump our use of ed25519-dalek 2.0.0-rc3
603c64b 
We were not vulnerable to the "Double Public Key Signing Function
Oracle Attack on `ed25519-dalek`" either way, since it was fixed
at 2.0.0-rc2.
See dalek-cryptography/ed25519-dalek#205

Ref: https://rustsec.org/advisories/RUSTSEC-2022-0093
@MOZGIII
Ignore the RUSTSEC-2022-0093 for now
808c71e
@MOZGIII MOZGIII requested a review from dmitrylavrenov August 15, 2023 01:49
@MOZGIII MOZGIII enabled auto-merge August 15, 2023 01:56
@MOZGIII MOZGIII added this pull request to the merge queue Aug 15, 2023
Merged via the queue into master with commit 94e1364 Aug 15, 2023
@MOZGIII MOZGIII deleted the advfix branch August 15, 2023 03:17
dmitrylavrenov
dmitrylavrenov reviewed Aug 15, 2023
View reviewed changes
Copy link
Contributor

@dmitrylavrenov dmitrylavrenov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmitrylavrenov dmitrylavrenov dmitrylavrenov left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MOZGIII @dmitrylavrenov