Wasmtime GitHub notifications bot (Apr 16 2026 at 00:23): Wasmtime GitHub notifications bot (Apr 16 2026 at 00:23):github-actions[bot] opened issue #13116:
Name constraints for URI names were incorrectly accepted
Details Package rustls-webpkiVersion 0.103.10Date 2026-04-14 Patched versions >=0.103.12, <0.104.0-alpha.1,>=0.104.0-alpha.6Name constraints for URI names were ignored and therefore accepted.
Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally.
Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
This vulnerability is identified as GHSA-965h-392x-2mh5. Thank you to @1seal for the report.
See advisory page for additional details.
Wasmtime GitHub notifications bot (Apr 20 2026 at 18:10):pchickey closed issue #13116:
Name constraints for URI names were incorrectly accepted
Details Package rustls-webpkiVersion 0.103.10Date 2026-04-14 Patched versions >=0.103.12, <0.104.0-alpha.1,>=0.104.0-alpha.6Name constraints for URI names were ignored and therefore accepted.
Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally.
Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
This vulnerability is identified as GHSA-965h-392x-2mh5. Thank you to @1seal for the report.
See advisory page for additional details.
Last updated: May 03 2026 at 22:13 UTC