New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix use-after-free in cms #942

Merged
merged 1 commit into from Jun 2, 2018

Conversation

2 participants
@sfackler
Copy link
Owner

sfackler commented Jun 2, 2018

Closes #941

@sfackler sfackler merged commit 63afe30 into master Jun 2, 2018

13 of 15 checks passed

continuous-integration/appveyor/branch Waiting for AppVeyor build to complete
Details
continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
ci/circleci: armhf-openssl-1.0.2 Your tests passed on CircleCI!
Details
ci/circleci: armhf-openssl-1.1.0 Your tests passed on CircleCI!
Details
ci/circleci: armhf-openssl-1.1.1 Your tests passed on CircleCI!
Details
ci/circleci: i686-openssl-1.0.2 Your tests passed on CircleCI!
Details
ci/circleci: i686-openssl-1.1.0 Your tests passed on CircleCI!
Details
ci/circleci: i686-openssl-1.1.1 Your tests passed on CircleCI!
Details
ci/circleci: macos Your tests passed on CircleCI!
Details
ci/circleci: x86_64-libressl-2.5.0 Your tests passed on CircleCI!
Details
ci/circleci: x86_64-libressl-2.7.2 Your tests passed on CircleCI!
Details
ci/circleci: x86_64-openssl-1.0.1 Your tests passed on CircleCI!
Details
ci/circleci: x86_64-openssl-1.0.2 Your tests passed on CircleCI!
Details
ci/circleci: x86_64-openssl-1.1.0 Your tests passed on CircleCI!
Details
ci/circleci: x86_64-openssl-1.1.1 Your tests passed on CircleCI!
Details

@sfackler sfackler deleted the fix-cms-crash branch Jun 2, 2018

@Shnatsel

This comment has been minimized.

Copy link

Shnatsel commented Dec 8, 2018

Use-after-free is an exploitable security vunlerability. Once a fix is released, please add this issue to the Rust security advisory database and/or file a CVE so that people could check whether they're running a vulnerable version and upgrade.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment