Commit 701752c
Bump openssl to 0.10.80 to fix CVE-2026-45784 (#3629)
Updates `openssl` 0.10.79 → 0.10.80 (and `openssl-sys` 0.9.115 →
0.9.116) in `Cargo.lock` to address
[GHSA-phqj-4mhp-q6mq](GHSA-phqj-4mhp-q6mq)
/ CVE-2026-45784.
This is a potential out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
(`EVP_aes_{128,192,256}_wrap_pad`). The advisory's first patched version
is 0.10.80.
Resolves Dependabot alert #35. Lockfile-only change; `cargo xtask fmt
--fix` passes.
Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>1 parent ad1ec7c commit 701752c
1 file changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5273 | 5273 | | |
5274 | 5274 | | |
5275 | 5275 | | |
5276 | | - | |
| 5276 | + | |
5277 | 5277 | | |
5278 | | - | |
| 5278 | + | |
5279 | 5279 | | |
5280 | 5280 | | |
5281 | 5281 | | |
| |||
5313 | 5313 | | |
5314 | 5314 | | |
5315 | 5315 | | |
5316 | | - | |
| 5316 | + | |
5317 | 5317 | | |
5318 | | - | |
| 5318 | + | |
5319 | 5319 | | |
5320 | 5320 | | |
5321 | 5321 | | |
| |||
0 commit comments