-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add advisory for pkcs11 #1280
Comments
It might qualify as unmaintained. See our policy/process here: https://github.com/rustsec/advisory-db/blob/main/HOWTO_UNMAINTAINED.md |
I've raised an issue on the repo, we can wait and see if we get a reply :) |
If you're more familiar with the memory safety issues @ionut-arm maybe you could write / help me write the advisory (by listing/explaining the distinct issues with it so I can list em)? Since "this is unmaintained" isn't the only issue with it. |
Happy to create a draft PR with the advisory just for the safety issues for now, and I can add the "unmaintained" bit later on, when I can link to that issue. Edit: Or alternatively I can write up a short description/list here for you to cover? |
I think a draft PR that you can tag me in to look over would be fine (so other people can look over it too). I'm AFK at the moment but can check over it in 2ish hours. |
Done in #1282 |
The crate hasn't been touched in 2 years, and seems to have a fair few possibly security-related open issues.
mheese/rust-pkcs11#55
mheese/rust-pkcs11#54
mheese/rust-pkcs11#49
mheese/rust-pkcs11#53
I can't quite work out what to mark as the advisory, and don't know the crate well enough to explain these issues.
The text was updated successfully, but these errors were encountered: