Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2020-0146: arr! macro erases lifetimes #720

Closed
github-actions bot opened this issue Mar 2, 2021 · 1 comment · Fixed by #719
Closed

RUSTSEC-2020-0146: arr! macro erases lifetimes #720

github-actions bot opened this issue Mar 2, 2021 · 1 comment · Fixed by #719
Assignees
@adizere
Labels
I: dependencies Internal: related to dependencies O: security Objective: cause to enhance security and improve safety
Milestone
03.2021

Comments

@github-actions
Copy link

github-actions bot commented Mar 2, 2021

arr! macro erases lifetimes

Details
Package generic-array
Version 0.12.3
URL fizyk20/generic-array#98
Date 2020-04-09
Patched versions >=0.14.0
Unaffected versions <0.8.0

Affected versions of this crate allowed unsoundly extending
lifetimes using arr! macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.
@adizere adizere linked a pull request Mar 2, 2021 that will close this issue
Replace deprecated rust-crypto dep with RustCrypto org packages #719
Merged
5 tasks
@adizere
Copy link
Member

adizere commented Mar 2, 2021

We removed dependency ics23 which also removed generic-array.

@adizere adizere closed this as completed Mar 2, 2021
@adizere adizere self-assigned this Mar 2, 2021
@adizere adizere added I: dependencies Internal: related to dependencies O: security Objective: cause to enhance security and improve safety labels Mar 2, 2021
@adizere adizere added this to the 03.2021 milestone Mar 2, 2021
@adizere adizere mentioned this issue Mar 2, 2021
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adizere adizere

Labels
I: dependencies Internal: related to dependencies O: security Objective: cause to enhance security and improve safety
Projects
None yet
Milestone
03.2021
Development

Successfully merging a pull request may close this issue.

Replace deprecated rust-crypto dep with RustCrypto org packages informalsystems/hermes
1 participant
@adizere