Actions
Bug #22532
closed
Update openssl crate to fix several vulnerabilities
Status:
Released
Priority:
N/A
Assignee:
Category:
Security
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Updated by Alexis Mousset over 1 year ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset over 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/4716
Updated by Alexis Mousset over 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|f8670eb8d9469d5e82a06219f888c6e8623ca457.
Updated by Alexis Mousset over 1 year ago
In relayd we only use:
use openssl::{
stack::Stack,
x509::{store::X509StoreBuilder, X509},
error::ErrorStack,
pkey::{PKey, Public},
rsa::Rsa,
sign::Verifier,
pkcs7::{Pkcs7, Pkcs7Flags},
hash::MessageDigest,
};
So we're not directly affetected. We still need to check what is used in the HTTPS client.
Updated by Alexis Mousset over 1 year ago
The affected functions are not used in rust-native-tls either so we're very likely safe.
Updated by Vincent MEMBRÉ over 1 year ago
- Fix check changed from To do to Checked
Updated by Alexis Mousset over 1 year ago
- Status changed from Pending release to Released
Actions