Stream: wasmtime

Topic: ✔ security advisories


Stephan Renatus (Sep 24 2021 at 07:27):

Hey there. I've noticed that for the wasmtime repo and its releases, security advisories are issued, and they will cause GitHub to trigger warnings in projects that depend on a certain wasmtime version. Now, envy kicks in: wasmtime-go seems to have no such thing. I also don't know if it's related to Rust (RustSec?) or how it all came to be; I was just thinking it would be nice if the other-lang-embeddings were notified in some similar way... :thinking:

Multiple Vulnerabilities in Wasmtime Details Package wasmtime Version 0.28.0 Date 2021-09-17 Patched versions >=0.30.0 Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/wr...

Till Schneidereit (Sep 24 2021 at 08:10):

Hey @Stephan Renatus :wave: While I don't know how one could make this work for all language embeddings, one thing you could do to receive notifications (including a heads-up before the new release) is to subscribe to our sec-announce mailing list.

Stephan Renatus (Sep 24 2021 at 08:18):

@Till Schneidereit thanks, that'll do! Subscribed :check:

Notification Bot (Sep 24 2021 at 08:24):

Stephan Renatus has marked this topic as resolved.


Last updated: Dec 23 2024 at 13:07 UTC