Project

General

Profile

Bug #21555

Updated by Alexis Mousset over 1 year ago

<pre> 
 + cargo deny check 
 

 [2022-08-04T20:49:12.666Z] error[A001]: Potential segfault in `localtime_r` invocations 
 

 [2022-08-04T20:49:12.666Z]      ┌─ /srv/jenkins/workspace/dependencies_branches_rudder_7.2/relay/sources/relayd/Cargo.lock:19:1 
 

 [2022-08-04T20:49:12.667Z]      │ 
 

 [2022-08-04T20:49:12.667Z] 19 │ chrono 0.4.19 registry+https://github.com/rust-lang/crates.io-index 
 

 [2022-08-04T20:49:12.667Z]      │ ------------------------------------------------------------------- security vulnerability detected 
 

 [2022-08-04T20:49:12.667Z]      │ 
 

 [2022-08-04T20:49:12.667Z]      = ID: RUSTSEC-2020-0159 
 

 [2022-08-04T20:49:12.667Z]      = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159 
 

 [2022-08-04T20:49:12.667Z]      = ### Impact 
 

 [2022-08-04T20:49:12.667Z]       
       

 [2022-08-04T20:49:12.667Z]        Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library. 
 

 [2022-08-04T20:49:12.667Z]       
       

 [2022-08-04T20:49:12.667Z]        ### Workarounds 
 

 [2022-08-04T20:49:12.667Z]       
       

 [2022-08-04T20:49:12.667Z]        No workarounds are known. 
 

 [2022-08-04T20:49:12.667Z]       
       

 [2022-08-04T20:49:12.667Z]        ### References 
 

 [2022-08-04T20:49:12.667Z]       
       

 [2022-08-04T20:49:12.667Z]        - [time-rs/time#293](https://github.com/time-rs/time/issues/293) 
 

 [2022-08-04T20:49:12.667Z]      = Announcement: https://github.com/chronotope/chrono/issues/499 
 

 [2022-08-04T20:49:12.667Z]      = Solution: Upgrade to >=0.4.20 
 

 [2022-08-04T20:49:12.667Z]      = chrono v0.4.19 
 

 [2022-08-04T20:49:12.667Z]        ├── diesel v1.4.8 
 

 [2022-08-04T20:49:12.667Z]        │     └── rudder-relayd v0.0.0-dev 
 

 [2022-08-04T20:49:12.667Z]        └── rudder-relayd v0.0.0-dev (*) 
 

 </pre>

Back