Upgrade to sequoia-openpgp 1.16.0, and buffered-reader 1.2.0. (!202) · Merge requests · keys.openpgp.org / hagrid

Neal H. Walfield requested to merge neal/upgrade-sequoia into master May 19, 2023

sequoia-openpgp and buffered-reader contains some vulnerabilities that an attacker can use to crash sequoia-openpgp or buffered-reader and consequently the application. Upgrade to fixed versions.

Please see https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/ for details.

Upgrade to sequoia-openpgp 1.16.0, and buffered-reader 1.2.0.

Merge request reports