- Reported
-
- Issued
-
- Package
-
matrix-sdk-crypto
(crates.io)
- Type
-
INFO
Notice
- Categories
-
- Aliases
-
- References
-
- Patched
-
Description
Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated
mechanism to notify that a user's cryptographic identity has changed from a
verified to an unverified one, which could cause client applications relying on
the SDK to overlook such changes.
matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation
enum variant which indicates that a previously verified identity has been
changed.
Advisory available under CC0-1.0
license.