Using xcb which is unmaintained and has multiple soundness issues
PurpleBooth opened this issue · 2 comments
PurpleBooth commented
This is a great library, but it's started breaking my build because it's using an unmaintained library that has a number of vulnerabilities.
```
cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 278 security advisories (from /Users/billie/.cargo/advisory-db)
Updating crates.io index
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (48 crate dependencies)
error: Vulnerable crates found!
ID: RUSTSEC-2021-0019
Crate: xcb
Version: 0.9.0
Date: 2021-02-04
URL: https://rustsec.org/advisories/RUSTSEC-2021-0019
Title: Multiple soundness issues
Solution: No safe upgrade is available!
Dependency tree:
xcb 0.9.0
└── x11-clipboard 0.5.1
    └── copypasta 0.7.1
error: 1 vulnerability found!
```
chrisduerr commented
I don't believe any of these issues affect copypasta.
PurpleBooth commented
Cool, I just wanted to be sure.