Bug #5259
Closed
rust: update time dependency
Description
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev
Updated by Victor Julien over 2 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Updated by Jeff Lucovsky over 2 years ago
- Copied to Bug #5265: rust: update time dependency added
Updated by Jeff Lucovsky over 2 years ago
- Copied to Bug #5266: rust: update time dependency added
Updated by Jason Ish over 2 years ago
Updating to x509-parser v0.13.0 which uses a fixed version of time brings our MSRV up to Rust 1.53 which is not acceptable for backports.
While it's hard to quantify how this issue affects us, I believe it has to do with calls with `localtime_r` in one thread while another thread is fiddling with the TZ environment variable. The only calls we have to `localtime_r` come from Suricata itself, or the `time` crate via `x509-parser`, neither of which are fiddling with environment variables around their calls to `localtime_r`.
Updated by Victor Julien about 2 years ago
- Label deleted (Needs backport to 5.0, Needs backport to 6.0)
Updated by Victor Julien almost 2 years ago
- Target version changed from TBD to 7.0.0-beta1
Updated by Victor Julien almost 2 years ago
time is now at 0.3.13, so this can be closed, @Jason Ish?
Updated by Jason Ish almost 2 years ago
- Status changed from Assigned to Closed
Closing. Confirmed that this is no longer an issue with cargo audit.
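The check behind the `cargo audit` finding in the description, reduced to this one advisory, as an added example that is not part of the original issue or of Suricata's code: a std-only Rust program that scans Cargo.lock text for a `time` entry below the 0.2.23 fix and names the packages that depend on it directly. It uses only the "Upgrade to >=0.2.23" threshold quoted above; `FIXED`, `audit_time` and the sample lock text are constructed for illustration.

```rust
// Added example (std only): flag `time` < 0.2.23 in Cargo.lock text and name its dependents.
const FIXED: (u64, u64, u64) = (0, 2, 23); // "Solution: Upgrade to >=0.2.23"
struct Pkg { name: String, version: String, deps: Vec<String> }

fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?; // drop -pre/+build
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

fn parse_lock(lock: &str) -> Vec<Pkg> {
    lock.split("[[package]]").skip(1).map(|chunk| {
        let field = |key: &str| chunk.lines()
            .find_map(|l| l.trim().strip_prefix(key))
            .map(|v| v.trim_matches('"').to_string()).unwrap_or_default();
        // Dependency entries are the quoted lines between "dependencies = [" and "]".
        let deps = chunk.lines().map(str::trim)
            .skip_while(|l| !l.starts_with("dependencies = [")).skip(1)
            .take_while(|l| !l.starts_with(']'))
            .map(|l| l.trim_matches(|c: char| c == '"' || c == ',').to_string()).collect();
        Pkg { name: field("name = "), version: field("version = "), deps }
    }).collect()
}

/// Each `time` entry below FIXED (or unparseable): (version, direct dependents).
fn audit_time(lock: &str) -> Vec<(String, Vec<String>)> {
    let pkgs = parse_lock(lock);
    let mut findings = Vec::new();
    for p in pkgs.iter().filter(|p| p.name == "time") {
        if matches!(parse_version(&p.version), Some(v) if v >= FIXED) { continue; }
        // A dependency entry is "name" or, when ambiguous, "name version [source]".
        let parents = pkgs.iter().filter(|q| q.deps.iter().any(|d| {
            let mut t = d.split_whitespace();
            t.next() == Some("time") && t.next().map_or(true, |v| v == p.version)
        })).map(|q| q.name.clone()).collect();
        findings.push((p.version.clone(), parents));
    }
    findings
}

// Constructed sample mirroring the dependency tree in the report.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"time\"\nversion = \"0.1.44\"\n\
[[package]]\nname = \"x509-parser\"\nversion = \"0.6.5\"\ndependencies = [\n \"time\",\n]\n";

fn main() {
    for (ver, parents) in audit_time(SAMPLE_LOCK) {
        println!("time {} is below 0.2.23; pulled in by {:?}", ver, parents);
    }
}
```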