OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-09 13:09:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
96b7e7b2933820a8a58be034a32fbf6ea70b4267
advisory-db/Advisories.toml
Tony Arcieri 05af1866b1 Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name" 
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"

This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
2017-02-26 00:26:22 -08:00

17 lines
567 B
TOML
Raw Blame History

[[advisory]]
id = "RUSTSEC-2017-0001"
package = "sodiumoxide"
patched_versions = [">= 0.0.14"]
dwf = []
date = "2017-01-26"
url = "https://github.com/dnaq/sodiumoxide/issues/154"
title = "scalarmult() vulnerable to degenerate public keys"
description = """
The `scalarmult()` function included in previous versions of this crate
accepted all-zero public keys, for which the resulting Diffie-Hellman shared
secret will always be zero regardless of the private key used.
This issue was fixed by checking for this class of keys and rejecting them
if they are used.
"""
Reference in New Issue View Git Blame Copy Permalink