rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/olm-sys/RUSTSEC-2024-0368.md
djc 2e45336771 Synchronize IDs (2025-10-28)
2025-10-28 07:02:18 +01:00

977 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2024-0368"
package = "olm-sys"
date = "2024-09-02"
url = "https://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12"
references = ["https://matrix.org/blog/2024/08/libolm-deprecation/"]
categories = ["crypto-failure"]
related = ["CVE-2024-45191", "CVE-2024-45192", "CVE-2024-45193"]
aliases = ["GHSA-p2q9-36vw-c468"]

[versions]
patched = []

olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.