webc 10.0.1

Crate webc

Dependencies

(26 total, 4 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.100`	up to date
base64	`^0.22.0`	`0.22.1`	up to date
bytes	`^1`	`1.10.1`	up to date
cfg-if	`^1.0.0`	`1.0.4`	up to date
ciborium	`^0.2.2`	`0.2.2`	up to date
document-features	`^0.2.8`	`0.2.11`	up to date
flate2	`^1`	`1.1.4`	up to date
ignore	`^0.4`	`0.4.24`	up to date
indexmap	`^2`	`2.12.0`	up to date
leb128	`^0.2.1`	`0.2.5`	up to date
lexical-sort	`^0.3.1`	`0.3.1`	up to date
libc	`^0.2.153`	`0.2.177`	up to date
once_cell	`^1`	`1.21.3`	up to date
path-clean	`^1.0`	`1.0.1`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
semver	`^1.0.18`	`1.0.27`	up to date
sequoia-openpgp ⚠️	`^1.8.0`	`2.0.0`	out of date
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
sha2	`^0.10.2`	`0.10.9`	up to date
shared-buffer	`^0.1.2`	`0.1.4`	up to date
tar	`^0.4.39`	`0.4.44`	up to date
tempfile	`^3.3.0`	`3.23.0`	up to date
thiserror	`^1`	`2.0.17`	out of date
toml	`^0.8`	`0.9.8`	out of date
url	`^2.2.2`	`2.5.7`	up to date

Crate

Required

Latest

Status

anyhow

^1.0

1.0.100

up to date

base64

^0.22.0

0.22.1

up to date

bytes

^1

1.10.1

up to date

cfg-if

^1.0.0

1.0.4

up to date

ciborium

^0.2.2

0.2.2

up to date

document-features

^0.2.8

0.2.11

up to date

flate2

^1

1.1.4

up to date

ignore

^0.4

0.4.24

up to date

indexmap

^2

2.12.0

up to date

leb128

^0.2.1

0.2.5

up to date

lexical-sort

^0.3.1

0.3.1

up to date

libc

^0.2.153

0.2.177

up to date

once_cell

^1

1.21.3

up to date

path-clean

^1.0

1.0.1

up to date

rand

^0.8.5

0.9.2

out of date

semver

^1.0.18

1.0.27

up to date

sequoia-openpgp ⚠️

^1.8.0

2.0.0

out of date

serde

^1

1.0.228

up to date

serde_json

^1

1.0.145

up to date

sha2

^0.10.2

0.10.9

up to date

shared-buffer

^0.1.2

0.1.4

up to date

tar

^0.4.39

0.4.44

up to date

tempfile

^3.3.0

3.23.0

up to date

thiserror

^1

2.0.17

out of date

toml

^0.8

0.9.8

out of date

url

^2.2.2

2.5.7

up to date

Dev dependencies

(6 total, 1 outdated)

Crate	Required	Latest	Status
hexdump	`^0.1.1`	`0.1.2`	up to date
insta	`^1`	`1.43.2`	up to date
pretty_assertions	`^1.2.1`	`1.4.1`	up to date
regex	`^1.9.1`	`1.12.2`	up to date
tempfile	`^3.3.0`	`3.23.0`	up to date
ureq	`^2.7.1`	`3.1.2`	out of date

Crate

Required

Latest

Status

hexdump

^0.1.1

0.1.2

up to date

insta

^1

1.43.2

up to date

pretty_assertions

^1.2.1

1.4.1

up to date

regex

^1.9.1

1.12.2

up to date

tempfile

^3.3.0

3.23.0

up to date

ureq

^2.7.1

3.1.2

out of date

Security Vulnerabilities

`sequoia-openpgp`: Low severity (DoS) vulnerability in sequoia-openpgp

RUSTSEC-2024-0345

There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop.

Many thanks to Andrew Gallagher for disclosing the issue to us.

Impact

Any software directly or indirectly using the interface sequoia_openpgp::cert::raw::RawCertParser. Notably, this includes all software using the sequoia_cert_store crate.

Details

The RawCertParser does not advance the input stream when encountering unsupported cert (primary key) versions, resulting in an infinite loop.

The fix introduces a new raw-cert-specific cert::raw::Error::UnuspportedCert.

Affected software

sequoia-openpgp 1.13.0
sequoia-openpgp 1.14.0
sequoia-openpgp 1.15.0
sequoia-openpgp 1.16.0
sequoia-openpgp 1.17.0
sequoia-openpgp 1.18.0
sequoia-openpgp 1.19.0
sequoia-openpgp 1.20.0
Any software built against a vulnerable version of sequoia-openpgp which is directly or indirectly using the interface sequoia_openpgp::cert::raw::RawCertParser. Notably, this includes all software using the sequoia_cert_store crate.

Crate webc

Dependencies

Dev dependencies

Security Vulnerabilities

sequoia-openpgp: Low severity (DoS) vulnerability in sequoia-openpgp

Impact

Details

Affected software

Crate `webc`

`sequoia-openpgp`: Low severity (DoS) vulnerability in sequoia-openpgp