Project

General

Profile

Actions

Bug #20160

closed

Vulnerability in chrono

Added by Alexis Mousset about 3 years ago. Updated about 3 years ago.

Status:
Released
Priority:
N/A
Category:
Relay server or API
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

[2021-10-19T00:56:01.317Z] error[A001]: Potential segfault in `localtime_r` invocations
[2021-10-19T00:56:01.317Z]    ┌─ /srv/jenkins/workspace/pendencies_branches_rudder_6.1_3/relay/sources/relayd/Cargo.lock:27:1
[2021-10-19T00:56:01.317Z]    │
[2021-10-19T00:56:01.317Z] 27 │ chrono 0.4.11 registry+https://github.com/rust-lang/crates.io-index
[2021-10-19T00:56:01.317Z]    │ ------------------------------------------------------------------- security vulnerability detected
[2021-10-19T00:56:01.317Z]    │
[2021-10-19T00:56:01.317Z]    = ID: RUSTSEC-2020-0159
[2021-10-19T00:56:01.317Z]    = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159
[2021-10-19T00:56:01.317Z]    = ### Impact
[2021-10-19T00:56:01.317Z]      
[2021-10-19T00:56:01.317Z]      Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
[2021-10-19T00:56:01.317Z]      
[2021-10-19T00:56:01.317Z]      ### Workarounds
[2021-10-19T00:56:01.317Z]      
[2021-10-19T00:56:01.317Z]      No workarounds are known.
[2021-10-19T00:56:01.317Z]      
[2021-10-19T00:56:01.317Z]      ### References
[2021-10-19T00:56:01.317Z]      
[2021-10-19T00:56:01.317Z]      - [time-rs/time#293](https://github.com/time-rs/time/issues/293)
[2021-10-19T00:56:01.317Z]    = Announcement: https://github.com/chronotope/chrono/issues/499
[2021-10-19T00:56:01.317Z]    = Solution: No safe upgrade is available!
[2021-10-19T00:56:01.317Z]    = chrono v0.4.11
[2021-10-19T00:56:01.317Z]      ├── diesel v1.4.6
[2021-10-19T00:56:01.317Z]      │   └── relayd v0.0.0-dev
[2021-10-19T00:56:01.317Z]      └── relayd v0.0.0-dev (*)
Actions

Also available in: Atom PDF