Hello,
The latest version of procspawn depends on the ipc-channel crate version 0.15.0, which depends on crossbeam-channel version 0.4. crossbeam-channel depends on crossbeam-utils, which contains the security vulnerability CVE-2022-23639 that affects all versions of the crate prior to 0.8.7. The issue can cause unaligned memory accesses and data races.
In order to fix this security issue, the ipc-channel crate needs to be updated to version 0.16.0, which uses newer versions of dependencies with the vulnerability fixed.
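Added example (not part of the original report or the procspawn project): a lockfile check that walks the dependency chain described above, reporting each path from a root crate down to a crossbeam-utils version below 0.8.7. The lockfile excerpt is constructed, the function names are hypothetical, and the parser assumes one version per crate name.

```python
import re

FIXED = (0, 8, 7)  # first crossbeam-utils release with the fix, per the report

# Constructed Cargo.lock excerpt; every version except ipc-channel 0.15.0 is a sample value.
LOCK = '''[[package]]
name = "procspawn"
version = "1.0.0"
dependencies = ["ipc-channel"]

[[package]]
name = "ipc-channel"
version = "0.15.0"
dependencies = ["crossbeam-channel"]

[[package]]
name = "crossbeam-channel"
version = "0.4.4"
dependencies = ["crossbeam-utils"]

[[package]]
name = "crossbeam-utils"
version = "0.7.2"
'''

def parse_lock(text):
    """Return {name: (version_tuple, [dependency names])} from Cargo.lock text."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        ver = re.search(r'^version = "(\d+)\.(\d+)\.(\d+)', block, re.M).groups()
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        names = [d.split()[0] for d in re.findall(r'"([^"]+)"', deps.group(1))] if deps else []
        pkgs[name] = (tuple(map(int, ver)), names)
    return pkgs

def vulnerable_chains(pkgs, crate="crossbeam-utils", fixed=FIXED):
    """List dependency paths (root first) that end at a crate version below `fixed`."""
    if crate not in pkgs or pkgs[crate][0] >= fixed:
        return []
    parents = {n: [p for p, (_, d) in pkgs.items() if n in d] for n in pkgs}
    chains, stack = [], [[crate]]
    while stack:
        path = stack.pop()
        ups = [p for p in parents[path[0]] if p not in path]  # skip cycles
        if not ups:
            chains.append(path)  # reached a root crate
        stack.extend([p] + path for p in ups)
    return chains
```

An empty result means the locked crossbeam-utils is at or above the fixed version, or is not in the dependency graph at all.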