Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wMnE5LTM2dnctYzQ2OM4AA_QL
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.
Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMnE5LTM2dnctYzQ2OM4AA_QL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-p2q9-36vw-c468
References:
- https://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
- https://matrix.org/blog/2024/08/libolm-deprecation
- https://rustsec.org/advisories/RUSTSEC-2024-0368.html
- https://github.com/advisories/GHSA-p2q9-36vw-c468
Affected Packages
cargo:olm-sys
Dependent packages: 1Dependent repositories: 129
Downloads: 147,607 total
Affected Version Ranges: <= 1.3.2
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.3.1, 1.3.2