File tree Expand file tree Collapse file tree 1 file changed +24
-0
lines changed Expand file tree Collapse file tree 1 file changed +24
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " matrix-sdk-crypto"
5+ date = " 2024-01-07"
6+ url = " https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg"
7+ categories = [" crypto-failure"
8+ aliases = [" CVE-2024-52813" " GHSA-r5vf-wf4h-82gg"
9+ informational = " notice"
10+
11+ [versions ]
12+ patched = [" >= 0.8.0"
13+ ```
14+
15+ # Missing facility to signal rotation of a verified cryptographic identity
16+
17+ Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated
18+ mechanism to notify that a user's cryptographic identity has changed from a
19+ verified to an unverified one, which could cause client applications relying on
20+ the SDK to overlook such changes.
21+
22+ matrix-sdk-crypto 0.8.0 adds a new ` VerificationLevel::VerificationViolation `
23+ enum variant which indicates that a previously verified identity has been
24+ changed.
You can’t perform that action at this time.
0 commit comments