Cap'n Proto CVE-2022-46149

Kenton Varda

unread,

Nov 30, 2022, 10:14:22 AM11/30/22

to Cap'n Proto

Hi capnproto,

We have a security advisory today. Although we believe few applications are actually affected, we recommend patching anyway. You can find the details here:

https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx

-Kenton

tripl...@gmail.com

unread,

Dec 2, 2022, 1:12:10 PM12/2/22

to Cap'n Proto

pycapnp pypi packages have been patched as well https://pypi.org/project/pycapnp/ v1.2.2

(sorry for the delay, my PSU blew up...)

This is only relevant if you use the pypi packages. If you compile pycapnp with system libcapnp you should only have to update your system packages.

-Jacob

Kenton Varda

unread,

Dec 2, 2022, 1:27:37 PM12/2/22

to tripl...@gmail.com, Cap'n Proto

Thanks!

On Fri, Dec 2, 2022 at 12:12 PM tripl...@gmail.com <tripl...@gmail.com> wrote:

This is only relevant if you use the pypi packages. If you compile pycapnp with system libcapnp you should only have to update your system packages.

Note that, unfortunately, you also need to recompile pycapnp against the updated system packages, since part of the change is in inlined code.

-Kenton

Reply all

Reply to author

Forward