Bug #21555
Updated by Alexis Mousset over 2 years ago
<pre>
+ cargo deny check
[2022-08-04T20:49:12.666Z] error[A001]: Potential segfault in `localtime_r` invocations
[2022-08-04T20:49:12.666Z] ┌─ /srv/jenkins/workspace/dependencies_branches_rudder_7.2/relay/sources/relayd/Cargo.lock:19:1
[2022-08-04T20:49:12.667Z] │
[2022-08-04T20:49:12.667Z] 19 │ chrono 0.4.19 registry+https://github.com/rust-lang/crates.io-index
[2022-08-04T20:49:12.667Z] │ ------------------------------------------------------------------- security vulnerability detected
[2022-08-04T20:49:12.667Z] │
[2022-08-04T20:49:12.667Z] = ID: RUSTSEC-2020-0159
[2022-08-04T20:49:12.667Z] = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0159
[2022-08-04T20:49:12.667Z] = ### Impact
[2022-08-04T20:49:12.667Z]
[2022-08-04T20:49:12.667Z] Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
[2022-08-04T20:49:12.667Z]
[2022-08-04T20:49:12.667Z] ### Workarounds
[2022-08-04T20:49:12.667Z]
[2022-08-04T20:49:12.667Z] No workarounds are known.
[2022-08-04T20:49:12.667Z]
[2022-08-04T20:49:12.667Z] ### References
[2022-08-04T20:49:12.667Z]
[2022-08-04T20:49:12.667Z] - [time-rs/time#293](https://github.com/time-rs/time/issues/293)
[2022-08-04T20:49:12.667Z] = Announcement: https://github.com/chronotope/chrono/issues/499
[2022-08-04T20:49:12.667Z] = Solution: Upgrade to >=0.4.20
[2022-08-04T20:49:12.667Z] = chrono v0.4.19
[2022-08-04T20:49:12.667Z] ├── diesel v1.4.8
[2022-08-04T20:49:12.667Z] │ └── rudder-relayd v0.0.0-dev
[2022-08-04T20:49:12.667Z] └── rudder-relayd v0.0.0-dev (*)
</pre>