Bug #18824 (closed)
Security advisories for relayd dependencies
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression:
Description
07:42:46 cargo deny check
07:42:47 error[A001]: Buffer overflow in SmallVec::insert_many
07:42:47     ┌─ /home/jenkins/workspace/rudder-relayd-6.1/relay/sources/relayd/Cargo.lock:186:1
07:42:47     │
07:42:47 186 │ smallvec 0.6.13 registry+https://github.com/rust-lang/crates.io-index
07:42:47     │ --------------------------------------------------------------------- security vulnerability detected
07:42:47     │
07:42:47     = ID: RUSTSEC-2021-0003
07:42:47     = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0003
07:42:47     = A bug in the `SmallVec::insert_many` method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.
07:42:47
07:42:47       This bug was only triggered if the iterator passed to `insert_many` yielded more items than the lower bound returned from its `size_hint` method.
07:42:47
07:42:47       The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of `insert_many` to use less unsafe code, so it is easier to verify its correctness.
07:42:47
07:42:47       Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.
07:42:47     = Announcement: https://github.com/servo/rust-smallvec/issues/252
07:42:47     = Solution: Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1