We have two versions of rustls-webpki in our deptree: - One used in the ring backend, which we're upgrading here - One used in the rustcrypto backend, which we can't upgrade and therefore have to ignore the CVE anyway. The ring backend is the one we actually use in release builds. rustcrypto is only used during development builds to make compilation simpler.
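# Advisories that the dependency audit is told not to report.
# An entry suppresses the advisory by id for the whole dependency tree, so it
# hides the finding on every path that pulls in an affected crate, not only on
# the path named in the comment above it. Each entry therefore states which
# path is affected and why that is acceptable.
[advisories]
ignore = [
    # RSA Marvin Attack in `rsa`, dragged in through rustcrypto (dev builds)
    # and adb_client (USB signing only, unrelated to marvin attack which
    # targets decryption).
    # NOTE(review): the advisory is a timing side channel on RSA private-key
    # operations. Confirm against the advisory text whether signing is in
    # scope; if it is, the rationale should rest on nobody untrusted being
    # able to observe the timing of the adb signing step, rather than on the
    # operation being a signature.
    "RUSTSEC-2023-0071",

    # The `paste` crate being unmaintained is not important: it does not deal
    # with user input. We could get rid of this warning by disabling the image
    # dependency in adb-client.
    "RUSTSEC-2024-0436",

    # rustls-webpki 0.102.8 CRL Distribution Point flaw (via rustls-rustcrypto).
    # Only affects dev builds, production firmware uses ring-tls.
    # NOTE(review): because the ignore is keyed on the advisory id, it would
    # also hide an affected rustls-webpki on the ring path if that copy ever
    # regressed. Check the release dependency tree separately (for example with
    # `cargo tree -i rustls-webpki` on the release feature set) when touching
    # TLS dependencies.
    # TODO: Remove once rustls-rustcrypto releases a version newer than 0.0.2-alpha.
    "RUSTSEC-2026-0049",
]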