Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN652
_____________________________________________________________________

DATE                : 18/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running onering versions 1.4.1.

=====================================================================
https://rustsec.org/advisories/RUSTSEC-2026-0175.html
_____________________________________________________________________


RUSTSEC-2026-0175

onering 1.4.1 was removed from crates.io for malicious code

Reported       June 10, 2026 
Issued         June 10, 2026 
Package        onering (crates.io) 
Type           Vulnerability 
Categories     malicious

Patched    no patched versions
 
Unaffected        <1.4.1
                  >1.4.1

Description

A new version of the onering crate was published with code that
attempted to exfiltrate both metadata and code from the project
it was included within.

One malicious version was published on 2026-06-10, approximately
six hours before removal. This crate has no dependencies on
crates.io, and there is no evidence of actual usage of the
compromised version.

Thanks to Charlie Eriksen for the report.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================