cantino/mcfly

Vulnerabilities mio and zerocopy dependency

comio opened this issue · 1 comments

Dear All,

Creating the ebuild for my Gentoo box, I noticed the following security warnings:

```
/tmp/mcfly-0.8.4 $ cargo ebuild

Error: Found 2 vulnerabilities:

Crate:    mio
Version:  0.8.9
Title:    Tokens for named pipes may be delivered after deregistration
Date:     2024-03-04
ID:       RUSTSEC-2024-0019
URL:      https://rustsec.org/advisories/RUSTSEC-2024-0019
Solution: Upgrade to >=0.8.11

Crate:    zerocopy
Version:  0.7.28
Title:    Some Ref methods are unsound with some type parameters
Date:     2023-12-14
ID:       RUSTSEC-2023-0074
URL:      https://rustsec.org/advisories/RUSTSEC-2023-0074
Solution: Upgrade to >=0.2.9, <0.3.0 or >=0.3.2, <0.4.0 or >=0.4.1, <0.5.0 or >=0.5.2, <0.6.0 or >=0.6.6, <0.7.0 or >=0.7.31

Please fix the issues or use "--noaudit" flag.
```

The solution is to upgrade to the latest libraries.

ciao

luigi

Fixed on master, thanks!