Commit a2a9a4b
committed
chore: ignore rsa Marvin timing advisory (RUSTSEC-2023-0071)
The `rsa` crate, pulled transitively (e.g. via `pgp`/rPGP for OpenPGP
signature verification), carries RUSTSEC-2023-0071, the Marvin Attack timing
sidechannel. It affects RSA private-key operations (signing/decryption)
observable over a network, has no fixed release available upstream, and
consumers that only verify signatures perform public-key operations that are
unaffected. Ignore it so cargo-deny does not fail builds that only depend on
rsa for verification.1 parent cba83d3 commit a2a9a4b
1 file changed
Lines changed: 1 addition & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| 25 | + | |
25 | 26 | | |
26 | 27 | | |
27 | 28 | | |
| |||
0 commit comments