oo7 0.4.3

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `oo7`

Dependencies

(30 total, 13 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
aes	`^0.8`	`0.9.0`	out of date
ashpd	`^0.11`	`0.13.10`	out of date
async-fs	`^2.1.0`	`2.2.0`	up to date
async-io	`^2.4.0`	`2.6.0`	up to date
async-lock	`^3.2.0`	`3.4.2`	up to date
blocking	`^1.5.1`	`1.6.2`	up to date
cbc	`^0.1`	`0.2.0`	out of date
cipher	`^0.4`	`0.5.1`	out of date
digest	`^0.10`	`0.11.3`	out of date
endi	`^1.1`	`1.1.1`	up to date
futures-lite	`^2.6`	`2.6.1`	up to date
futures-util	`^0.3`	`0.3.32`	up to date
getrandom	`^0.3`	`0.4.2`	out of date
hkdf	`^0.12`	`0.13.0`	out of date
hmac	`^0.12`	`0.13.0`	out of date
md-5	`^0.10`	`0.11.0`	out of date
num	`^0.4.0`	`0.4.3`	up to date
num-bigint-dig	`^0.8`	`0.9.1`	out of date
openssl ⚠️	`^0.10`	`0.10.79`	maybe insecure
pbkdf2	`^0.12`	`0.13.0`	out of date
rand	`^0.9`	`0.10.1`	out of date
serde	`^1.0`	`1.0.228`	up to date
sha2	`^0.10`	`0.11.0`	out of date
subtle	`^2.5`	`2.6.1`	up to date
tokio	`^1.43`	`1.52.3`	up to date
tracing	`^0.1`	`0.1.44`	up to date
zbus	`^5.5`	`5.15.0`	up to date
zbus_macros	`^5.5`	`5.15.0`	up to date
zeroize	`^1`	`1.8.2`	up to date
zvariant	`^5.2`	`5.11.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
tempfile	`^3.17`	`3.27.0`	up to date
tokio	`^1.43`	`1.52.3`	up to date

Security Vulnerabilities

`openssl`: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.