Actions
Bug #21555
closedPotential segfault in chrono
Status:
Released
Priority:
N/A
Assignee:
Category:
Relay server or API
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
+ cargo deny check [2022-08-04T20:49:12.666Z] error[A001]: Potential segfault in `localtime_r` invocations [2022-08-04T20:49:12.666Z] ┌─ /srv/jenkins/workspace/dependencies_branches_rudder_7.2/relay/sources/relayd/Cargo.lock:19:1 [2022-08-04T20:49:12.667Z] │ [2022-08-04T20:49:12.667Z] 19 │ chrono 0.4.19 registry+https://github.com/rust-lang/crates.io-index [2022-08-04T20:49:12.667Z] │ ------------------------------------------------------------------- security vulnerability detected [2022-08-04T20:49:12.667Z] │ [2022-08-04T20:49:12.667Z] = ID: RUSTSEC-2020-0159 [2022-08-04T20:49:12.667Z] = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159 [2022-08-04T20:49:12.667Z] = ### Impact [2022-08-04T20:49:12.667Z] [2022-08-04T20:49:12.667Z] Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library. [2022-08-04T20:49:12.667Z] [2022-08-04T20:49:12.667Z] ### Workarounds [2022-08-04T20:49:12.667Z] [2022-08-04T20:49:12.667Z] No workarounds are known. [2022-08-04T20:49:12.667Z] [2022-08-04T20:49:12.667Z] ### References [2022-08-04T20:49:12.667Z] [2022-08-04T20:49:12.667Z] - [time-rs/time#293](https://github.com/time-rs/time/issues/293) [2022-08-04T20:49:12.667Z] = Announcement: https://github.com/chronotope/chrono/issues/499 [2022-08-04T20:49:12.667Z] = Solution: Upgrade to >=0.4.20 [2022-08-04T20:49:12.667Z] = chrono v0.4.19 [2022-08-04T20:49:12.667Z] ├── diesel v1.4.8 [2022-08-04T20:49:12.667Z] │ └── rudder-relayd v0.0.0-dev [2022-08-04T20:49:12.667Z] └── rudder-relayd v0.0.0-dev (*)
Updated by Alexis Mousset over 2 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset over 2 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/4421
Updated by Alexis Mousset over 2 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|0fc37329d1730a2e301cf5fbb6402e5f5176a8d5.
Updated by Alexis Mousset over 2 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ over 2 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.2.0~rc1 which was released today.
Actions