cert-checker 1.3.1 has been release as a Snap, featuring:
- ⚙️ fix: updated libraries to newer versions to address security vulnerabilities
Crate: h2
Version: 0.3.22
Title: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Date: 2024-01-17
ID: RUSTSEC-2024-0003
URL: https://rustsec.org/advisories/RUSTSEC-2024-0003
Crate: h2
Version: 0.3.22
Title: Degradation of service in h2 servers with CONTINUATION Flood
Date: 2024-04-03
ID: RUSTSEC-2024-0332
URL: https://rustsec.org/advisories/RUSTSEC-2024-0332
Crate: idna
Version: 0.5.0
Title: `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Date: 2024-12-09
ID: RUSTSEC-2024-0421
URL: https://rustsec.org/advisories/RUSTSEC-2024-0421
Crate: mio
Version: 0.8.10
Title: Tokens for named pipes may be delivered after deregistration
Date: 2024-03-04
ID: RUSTSEC-2024-0019
URL: https://rustsec.org/advisories/RUSTSEC-2024-0019
Solution: Upgrade to >=0.8.11
Crate: openssl
Version: 0.10.61
Title: `MemBio::get_buf` has undefined behavior with empty buffers
Date: 2024-07-21
ID: RUSTSEC-2024-0357
URL: https://rustsec.org/advisories/RUSTSEC-2024-0357
Solution: Upgrade to >=0.10.66
Crate: openssl
Version: 0.10.61
Title: ssl::select_next_proto use after free
Date: 2025-02-02
ID: RUSTSEC-2025-0004
URL: https://rustsec.org/advisories/RUSTSEC-2025-0004
Crate: openssl
Version: 0.10.61
Title: Use-After-Free in `Md::fetch` and `Cipher::fetch`
Date: 2025-04-04
ID: RUSTSEC-2025-0022
URL: https://rustsec.org/advisories/RUSTSEC-2025-0022
Crate: ring
Version: 0.17.7
Title: Some AES functions may panic when overflow checking is enabled.
Date: 2025-03-06
ID: RUSTSEC-2025-0009
URL: https://rustsec.org/advisories/RUSTSEC-2025-0009
Crate: rustls
Version: 0.22.1
Title: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
Date: 2024-04-19
ID: RUSTSEC-2024-0336
URL: https://rustsec.org/advisories/RUSTSEC-2024-0336
Severity: 7.5 (high)
Pseudo-SBOM
The lockfile can be found here.
