Explicitly depend on System.Formats.Asn1 8.0.1

Fixes a denial of service security vulnerability (CVE-2024-38095) in the System.Security.Formats.Asn1 (<= 8.0.0) nuget package.
jstedfast · Jul 11, 2024 · aef4eda · emwl · Jul 15, 2024 · jstedfast
1 parent 7c9d686
commit aef4eda
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/MimeKit/MimeKit.csproj b/MimeKit/MimeKit.csproj
@@ -65,6 +65,7 @@
 
   <ItemGroup Condition=" $(TargetFramework.StartsWith('netstandard2.')) Or $(TargetFramework.StartsWith('net6')) Or $(TargetFramework.StartsWith('net8')) ">
     <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
+    <PackageReference Include="System.Formats.Asn1" Version="8.0.1" />
   </ItemGroup>
 
   <ItemGroup Condition=" $(TargetFramework.StartsWith('netstandard2.')) ">

diff --git a/nuget/MimeKit.nuspec b/nuget/MimeKit.nuspec
@@ -80,15 +80,18 @@
       </group>
       <group targetFramework="net6.0">
         <dependency id="System.Security.Cryptography.Pkcs" version="8.0.0" />
+        <dependency id="System.Formats.Asn1" version="8.0.1" />
         <dependency id="BouncyCastle.Cryptography" version="2.4.0" />
       </group>
       <group targetFramework="net8.0">
         <dependency id="System.Security.Cryptography.Pkcs" version="8.0.0" />
+        <dependency id="System.Formats.Asn1" version="8.0.1" />
         <dependency id="BouncyCastle.Cryptography" version="2.4.0" />
       </group>
       <group targetFramework="netstandard2.0">
         <dependency id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" />
         <dependency id="System.Security.Cryptography.Pkcs" version="8.0.0" />
+        <dependency id="System.Formats.Asn1" version="8.0.1" />
         <dependency id="System.Text.Encoding.CodePages" version="8.0.0" />
         <dependency id="System.Data.DataSetExtensions" version="4.5.0" />
         <dependency id="System.Buffers" version="4.5.1" />
@@ -98,6 +101,7 @@
       <group targetFramework="netstandard2.1">
         <dependency id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" />
         <dependency id="System.Security.Cryptography.Pkcs" version="8.0.0" />
+        <dependency id="System.Formats.Asn1" version="8.0.1" />
         <dependency id="System.Text.Encoding.CodePages" version="8.0.0" />
         <dependency id="System.Buffers" version="4.5.1" />
         <dependency id="System.Memory" version="4.5.5" />