Project

General

Profile

Actions

Bug #22532

closed

Update openssl crate to fix several vulnerabilities

Added by Alexis Mousset over 1 year ago. Updated 11 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Actions #1

Updated by Alexis Mousset over 1 year ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #2

Updated by Alexis Mousset over 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4716
Actions #3

Updated by Alexis Mousset over 1 year ago

  • Status changed from Pending technical review to Pending release
Actions #4

Updated by Alexis Mousset over 1 year ago

In relayd we only use:

use openssl::{
    stack::Stack,
    x509::{store::X509StoreBuilder, X509},
    error::ErrorStack,
    pkey::{PKey, Public},
    rsa::Rsa,
    sign::Verifier,
    pkcs7::{Pkcs7, Pkcs7Flags},
    hash::MessageDigest,
};

So we're not directly affetected. We still need to check what is used in the HTTPS client.

Actions #5

Updated by Alexis Mousset over 1 year ago

The affected functions are not used in rust-native-tls either so we're very likely safe.

Actions #6

Updated by Vincent MEMBRÉ about 1 year ago

  • Fix check changed from To do to Checked
Actions #7

Updated by Alexis Mousset 12 months ago

  • Status changed from Pending release to Released
Actions #8

Updated by Alexis Mousset 11 months ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF