OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-16 16:46:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Advisory: security-framework hostname verification bypass

Browse Source
This commit is contained in:
Steven Fackler
2017-03-15 11:47:14 -07:00
parent fb69bfb65b
commit ffb475d466
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
crates/security-framework/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,14 @@
[advisory]
package = "security-framework"
patched_versions = [">= 0.1.12"]
dwf = []
url = "https://github.com/sfackler/rust-security-framework/pull/27"
title = "Hostname verification skipped when custom root certs used"
description = """
If custom root certificates were registered with a `ClientBuilder`, the
hostname of the target server would not be validated against its presented leaf
certificate.
This issue was fixed by properly configuring the trust evaluation logic to
perform that check.
"""