Skip to content

Commit 701752c

Browse files
benhillisBen HillisCopilot
authored
Bump openssl to 0.10.80 to fix CVE-2026-45784 (#3629)
Updates `openssl` 0.10.79 → 0.10.80 (and `openssl-sys` 0.9.115 → 0.9.116) in `Cargo.lock` to address [GHSA-phqj-4mhp-q6mq](GHSA-phqj-4mhp-q6mq) / CVE-2026-45784. This is a potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers (`EVP_aes_{128,192,256}_wrap_pad`). The advisory's first patched version is 0.10.80. Resolves Dependabot alert #35. Lockfile-only change; `cargo xtask fmt --fix` passes. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent ad1ec7c commit 701752c

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

Cargo.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5273,9 +5273,9 @@ dependencies = [
52735273

52745274
[[package]]
52755275
name = "openssl"
5276-
version = "0.10.79"
5276+
version = "0.10.80"
52775277
source = "registry+https://github.com/rust-lang/crates.io-index"
5278-
checksum = "bf0b434746ee2832f4f0baf10137e1cabb18cbe6912c69e2e33263c45250f542"
5278+
checksum = "a45fa2aa886c42762255da344f0a0d313e254066c46aad76f300c3d3da62d967"
52795279
dependencies = [
52805280
"bitflags 2.9.3",
52815281
"cfg-if",
@@ -5313,9 +5313,9 @@ dependencies = [
53135313

53145314
[[package]]
53155315
name = "openssl-sys"
5316-
version = "0.9.115"
5316+
version = "0.9.116"
53175317
source = "registry+https://github.com/rust-lang/crates.io-index"
5318-
checksum = "158fe5b292746440aa6e7a7e690e55aeb72d41505e2804c23c6973ad0e9c9781"
5318+
checksum = "f28a22dc7140cda5f096e5e7724a6962ca81a7f8bfd2979f9b18c11af56318c4"
53195319
dependencies = [
53205320
"cc",
53215321
"libc",

0 commit comments

Comments
 (0)