Update reported issues in multiple packages #1770
Conversation
|
Sorry for sending PRs for several times. I finally find out how to check all the failed lints together. |
| # Allows uninitialized memory exposure in safe function | ||
| The safe function `push` allows users to cast arbitrary types as bytes. If user provides a `struct` type with padding bytes, it could violate the safety guarantee of `func` and expose the uninitialized memory. | ||
|
|
||
| Note: The crate is not maintained anymore. |
There was a problem hiding this comment.
If this is the case, a seperate unmaintained advisory would be more appropriate.
There was a problem hiding this comment.
Hi, I think my case is similar to this one: RUSTSEC-2023-0055, so I only mentioned it in advisories. Or I can update it again if you want?
|
Looks like quite a few of these are unfixed with no response from maintainers. Can someone remind me what our usual policy for those cases is? |
|
Last time we have settled on #1092 (comment) So it requires advance notice and a grace period for the maintainers to be able to take action before the advisory goes live. |
|
For the crate zub, we have got response that it is unmaintained for a while(nilq/zub-vm#14 (comment)). I think the code will not be patched. |
|
hi @alex , I am wondering the progress of this PR so far. If the PR has some wrong format then it should be rejected so that I can correct the issues:) |
No description provided.