[Bug]: Segmentation fault in `time` crate
JuxhinDB opened this issue · 0 comments
JuxhinDB commented
Contact Details
No response
What happened?
Multiple crates rely on the `chrono` crate which relies on a vulnerable version of the `time` crate (v0.1.45) containing a security advisory (CVE-2020-26235). These crates should be updated to either (a) a newer version or (b) reduced feature flags.
Relevant log output
```
cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 487 security advisories (from /home/juxhin/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (251 crate dependencies)
Crate: time
Version: 0.1.45
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.23
    ├── procfs 0.14.2
    │   └── bpf-common 0.4.0
    │       ├── test-suite 0.4.0
    │       ├── pulsar-module-as-library 0.1.0
    │       ├── pulsar-core 0.4.0
    │       │   ├── rules-engine 0.4.0
    │       │   │   └── pulsar 0.4.0
    │       │   │       ├── pulsar-extension-module 0.1.0
    │       │   │       └── pulsar-embedded-agent 0.1.0
    │       │   ├── pulsar-extension-module 0.1.0
    │       │   ├── pulsar-embedded-agent 0.1.0
    │       │   ├── pulsar 0.4.0
    │       │   ├── process-monitor 0.4.0
    │       │   │   ├── test-suite 0.4.0
    │       │   │   └── pulsar 0.4.0
    │       │   ├── network-monitor 0.4.0
    │       │   │   ├── test-suite 0.4.0
    │       │   │   ├── pulsar-module-as-library 0.1.0
    │       │   │   └── pulsar 0.4.0
    │       │   ├── logger 0.4.0
    │       │   │   └── pulsar 0.4.0
    │       │   ├── file-system-monitor 0.4.0
    │       │   │   ├── test-suite 0.4.0
    │       │   │   └── pulsar 0.4.0
    │       │   ├── engine-api 0.4.0
    │       │   │   └── pulsar 0.4.0
    │       │   └── desktop-notifier 0.1.0
    │       │       └── pulsar 0.4.0
    │       ├── pulsar 0.4.0
    │       ├── process-monitor 0.4.0
    │       ├── network-monitor 0.4.0
    │       ├── logger 0.4.0
    │       ├── file-system-monitor 0.4.0
    │       └── desktop-notifier 0.1.0
    └── logger 0.4.0
error: 1 vulnerability found!
```
Code of Conduct
- I agree to follow this project's Code of Conduct
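
Option (b) from the report, sketched as an added example; it is not part of the original issue or taken from the project's manifests. It assumes the affected crate declares `chrono` directly (as `logger` does in the tree above) and that the `clock` and `std` features cover what the code uses.

```toml
# Cargo.toml of a workspace crate that depends on chrono directly.
# The manifest layout shown here is assumed, not copied from the project.

[dependencies]
# Before: chrono's default features are enabled. One of them, `oldtime`,
# is the feature that pulls in the legacy time 0.1.x crate flagged by
# RUSTSEC-2020-0071.
# chrono = "0.4.23"

# After: opt out of the default feature set and re-enable only the
# features actually needed. With `oldtime` off, chrono no longer
# depends on time 0.1.x.
chrono = { version = "0.4.23", default-features = false, features = ["clock", "std"] }
```

Cargo unifies features across the whole dependency graph, so `time 0.1.45` stays in `Cargo.lock` as long as any dependent of `chrono` (such as `procfs` in the tree above) still enables its default features. Re-running `cargo audit` after the change confirms whether the advisory is gone.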