Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump OpenSSL to 3.3.2 #248

Merged
merged 1 commit into from
Sep 3, 2024
Merged

Bump OpenSSL to 3.3.2 #248

merged 1 commit into from
Sep 3, 2024

Conversation

alexcrichton
Copy link
Owner

No description provided.

@alexcrichton alexcrichton merged commit 690dd7d into main Sep 3, 2024
17 checks passed
@alexcrichton alexcrichton deleted the bump-to-3.3.2 branch September 3, 2024 14:40
@thalesfragoso
Copy link

Hi @alexcrichton. Thanks for your work in this project.

Would you be opposed to mirroring the openssl CVEs to RUSTSEC by tagging this crate ?

@alexcrichton
Copy link
Owner Author

Seems plausible yeah, but what would that entail? (I'm not sure how to do that myself)

@thalesfragoso
Copy link

It's basically creating a PR to RustSec/advisory-db. More info on their website.

The idea is to basically copy the official openssl's advisories verbatim. The advantage of doing that is that there are automatic dependency scanners that check rustsec.

The reporter isn't required to be the owner of the crate, so I could also do it when time allows.

@alexcrichton
Copy link
Owner Author

Ah ok I don't have the time to myself catalog all OpenSSL CVEs and manually mirror them, but if I can do something to help support someone else via this repo that seems reasonable to implement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexcrichton @thalesfragoso