Description
Affected versions contained a possible use-after-free issue with property list iteration
due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator
to the
Proplist
object for which it was created. This made it possible for users, without
experiencing a compiler error/warning, to destroy the Proplist
object before the iterator,
thus destroying the underlying C object the iterator works upon, before the iterator may be
finished with it.
This impacts all versions of the crate before 2.5.0
back to 1.0.5
. Before version
1.0.5
the function that produces the iterator was broken to the point of being useless.
More Info
https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-f56g-chqp-22m9
Patched Versions
Unaffected Versions