Bug #20160
closed
Vulnerability in chrono
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression:
Description
[2021-10-19T00:56:01.317Z] error[A001]: Potential segfault in `localtime_r` invocations
[2021-10-19T00:56:01.317Z] ┌─ /srv/jenkins/workspace/pendencies_branches_rudder_6.1_3/relay/sources/relayd/Cargo.lock:27:1
[2021-10-19T00:56:01.317Z] │
[2021-10-19T00:56:01.317Z] 27 │ chrono 0.4.11 registry+https://github.com/rust-lang/crates.io-index
[2021-10-19T00:56:01.317Z] │ ------------------------------------------------------------------- security vulnerability detected
[2021-10-19T00:56:01.317Z] │
[2021-10-19T00:56:01.317Z] = ID: RUSTSEC-2020-0159
[2021-10-19T00:56:01.317Z] = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159
[2021-10-19T00:56:01.317Z] = ### Impact
[2021-10-19T00:56:01.317Z]
[2021-10-19T00:56:01.317Z] Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
[2021-10-19T00:56:01.317Z]
[2021-10-19T00:56:01.317Z] ### Workarounds
[2021-10-19T00:56:01.317Z]
[2021-10-19T00:56:01.317Z] No workarounds are known.
[2021-10-19T00:56:01.317Z]
[2021-10-19T00:56:01.317Z] ### References
[2021-10-19T00:56:01.317Z]
[2021-10-19T00:56:01.317Z] - [time-rs/time#293](https://github.com/time-rs/time/issues/293)
[2021-10-19T00:56:01.317Z] = Announcement: https://github.com/chronotope/chrono/issues/499
[2021-10-19T00:56:01.317Z] = Solution: No safe upgrade is available!
[2021-10-19T00:56:01.317Z] = chrono v0.4.11
[2021-10-19T00:56:01.317Z] ├── diesel v1.4.6
[2021-10-19T00:56:01.317Z] │ └── relayd v0.0.0-dev
[2021-10-19T00:56:01.317Z] └── relayd v0.0.0-dev (*)