GHSA-p2q9-36vw-c468

Suggest an improvement
Source
https://github.com/advisories/GHSA-p2q9-36vw-c468
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-p2q9-36vw-c468/GHSA-p2q9-36vw-c468.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p2q9-36vw-c468
Published
2024-09-03T21:11:21Z
Modified
2024-09-03T21:11:21Z
Summary
olm-sys: wrapped library unmaintained, potentially vulnerable
Details

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.

References

Affected packages

crates.io / olm-sys

Package

Name
olm-sys
View open source insights on deps.dev
Purl
pkg:cargo/olm-sys

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.3.2