Add advisory for pkcs11 #1280
Comments
|
It might qualify as unmaintained. See our policy/process here: https://github.com/rustsec/advisory-db/blob/main/HOWTO_UNMAINTAINED.md |
|
I've raised an issue on the repo, we can wait and see if we get a reply :) |
|
If you're more familiar with the memory safety issues @ionut-arm maybe you could write / help me write the advisory (by listing/explaining the distinct issues with it so I can list em)? Since "this is unmaintained" isn't the only issue with it. |
|
Happy to create a draft PR with the advisory just for the safety issues for now, and I can add the "unmaintained" bit later on, when I can link to that issue. Edit: Or alternatively I can write up a short description/list here for you to cover? |
|
I think a draft PR that you can tag me in to look over would be fine (so other people can look over it too). I'm AFK at the moment but can check over it in 2ish hours. |
|
Done in #1282 |
The crate hasn't been touched in 2 years, and seems to have a fair few possibly security-related open issues.
mheese/rust-pkcs11#55
mheese/rust-pkcs11#54
mheese/rust-pkcs11#49
mheese/rust-pkcs11#53
I can't quite work out what to mark as the advisory, and don't know the crate well enough to explain these issues.
The text was updated successfully, but these errors were encountered: