Bug #5259
closed
rust: update time dependency
Description
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev
Updated by Victor Julien about 4 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Updated by Jeff Lucovsky about 4 years ago
- Copied to Bug #5265: rust: update time dependency added
Updated by Jeff Lucovsky about 4 years ago
- Copied to Bug #5266: rust: update time dependency added
Updated by Jason Ish almost 4 years ago
Updating to x509-parser v0.13.0, which uses a fixed version of time, brings our MSRV up to Rust 1.53, which is not acceptable for backports.
While it's hard to quantify how this issue affects us, I believe it has to do with calls with `localtime_r` in one thread while another thread is fiddling with the TZ environment variable. The only calls we have to `localtime_r` come from Suricata itself, or the time crate via x509-parser, neither of which are fiddling with environment variables around their calls to `localtime_r`.
Updated by Victor Julien over 3 years ago
- Label deleted (Needs backport to 5.0, Needs backport to 6.0)
Updated by Victor Julien over 3 years ago
- Target version changed from TBD to 7.0.0-beta1
Updated by Victor Julien over 3 years ago
time is now at 0.3.13, so this can be closed, @Jason Ish?
Updated by Jason Ish over 3 years ago
- Status changed from Assigned to Closed
Closing. Confirmed that this is no longer an issue with cargo audit.
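The dependency tree in the report and the re-check at closing, as an added example (not Suricata's or cargo-audit's code): it reads a lockfile, flags any `time` entry below the fixed version named in the report, and lists the crates that pull it in. The lock excerpt is constructed, and `parse_lock`, `triple` and `flagged_chains` are hypothetical helpers that compare only against the ">=0.2.23" threshold rather than a full advisory database.

```python
import re
# Constructed Cargo.lock excerpt mirroring the dependency tree in the report.
LOCK = '''
[[package]]
name = "suricata"
version = "7.0.0-dev"
dependencies = [
 "x509-parser",
]
[[package]]
name = "time"
version = "0.1.44"
[[package]]
name = "x509-parser"
version = "0.6.5"
dependencies = [
 "time",
]
'''

def parse_lock(text):
    """Return [(name, version, [dependency crate names])] per [[package]] table."""
    pkgs = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "(.+?)"', block, re.M).group(1)
        version = re.search(r'^version = "(.+?)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        found = re.findall(r'"(.+?)"', deps.group(1)) if deps else []
        # Entries read "name" or "name version ..."; keep only the crate name.
        pkgs.append((name, version, [d.split()[0] for d in found]))
    return pkgs

def triple(version):
    """Numeric major.minor.patch; pre-release and build suffixes are ignored."""
    return tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())

def flagged_chains(text, crate, fixed):
    """Reverse-dependency paths from each `crate` version below `fixed` to a root."""
    pkgs = parse_lock(text)
    def walk(name, chain, seen):
        parents = [p for p in pkgs if name in p[2] and p[0] not in seen]
        if not parents:
            yield chain
        for pname, pver, _ in parents:
            yield from walk(pname, f"{chain} <- {pname} {pver}", seen | {pname})
    return [c for n, v, _ in pkgs if n == crate and triple(v) < triple(fixed)
            for c in walk(n, f"{n} {v}", {n})]

if __name__ == "__main__":
    print("\n".join(flagged_chains(LOCK, "time", "0.2.23")))
```

An empty result for the same lockfile after the dependency bump corresponds to the clean re-check at closing.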