This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bump bzip2 to 0.4.4 to fix RUSTSEC-2023-0004 / CVE-2023-22895
This vulnerability is also known as GHSA-96jv-r488-c2rj. Versions of the bzip2 crate before 0.4.4 contain a Denial of Service vulnerability that could cause the compression and / or decompression to run into an infinite loop. For more details see <https://rustsec.org/advisories/RUSTSEC-2023-0004.html> or <alexcrichton/bzip2-rs#86>.
- Loading branch information