cargo-vet: audit libbz2-rs-sys

divviup · Dec 17, 2024 · 7f6c306 · 7f6c306
1 parent 3ad1230
commit 7f6c306
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
@@ -388,6 +388,20 @@ who = "Brandon Pitman <[email protected]>"
 criteria = "safe-to-deploy"
 delta = "0.1.3 -> 0.1.4"
 
+[[audits.libbz2-rs-sys]]
+who = "Ameer Ghani <[email protected]>"
+criteria = "safe-to-deploy"
+version = "0.1.1"
+notes = """
+libbz2-rs-sys mainly uses unsafe around the C FFI boundary, for libc interop,
+and for custom allocation support. Most end-user-facing decompression logic
+is in safe Rust. I have fuzzed and reviewed its code, and to the best of my
+ability I believe it's free of any serious security vulnerabilities.
+
+libbz2-rs-sys only depends on the libc crate, which is widely used and
+maintained Rust developers.
+"""
+
 [[audits.libc]]
 who = "Brandon Pitman <[email protected]>"
 criteria = "safe-to-deploy"