Bug #5259
rust: update time dependency (closed)
Description
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev
Updated by Victor Julien over 3 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Updated by Jeff Lucovsky over 3 years ago
- Copied to Bug #5265: rust: update time dependency added
Updated by Jeff Lucovsky over 3 years ago
- Copied to Bug #5266: rust: update time dependency added
Updated by Jason Ish over 3 years ago
Updating to x509-parser v0.13.0, which uses a fixed version of time, brings our MSRV up to Rust 1.53, which is not acceptable for backports.
While it's hard to quantify how this issue affects us, I believe it has to do with calls with `localtime_r` in one thread while another thread is fiddling with the TZ environment variable. The only calls we have to `localtime_r` come from Suricata itself, or the time crate via x509-parser, neither of which are fiddling with environment variables around their calls to `localtime_r`.
Updated by Victor Julien over 3 years ago
- Label deleted (Needs backport to 5.0, Needs backport to 6.0)
Updated by Victor Julien about 3 years ago
- Target version changed from TBD to 7.0.0-beta1
Updated by Victor Julien about 3 years ago
time is now at 0.3.13, so this can be closed, @Jason Ish?
Updated by Jason Ish about 3 years ago
- Status changed from Assigned to Closed
Closing. Confirmed that this is no longer an issue with cargo audit.
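
The lockfile check behind the report and the closing comment, as an added example (not Suricata, RustSec or cargo-audit code): it flags `time` versions below the 0.2.23 named in the report's Solution line and returns the reverse-dependency chain. The lockfile text is constructed from the report's dependency tree, the function names are hypothetical, and a lockfile without a trailing `[metadata]` table is assumed.

```rust
// Constructed lockfile: the three packages from the report's dependency tree.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "suricata"
version = "7.0.0-dev"
dependencies = [
 "x509-parser",
]
[[package]]
name = "time"
version = "0.1.44"
[[package]]
name = "x509-parser"
version = "0.6.5"
dependencies = [
 "time",
]
"#;
type Pkg = (String, String, Vec<String>); // name, version, dependency names
// Dependency entries read "name" or "name version (source)"; only the name is kept.
fn parse_lock(text: &str) -> Vec<Pkg> {
    let unq = |s: &str| s.trim_matches(|c: char| c == '"' || c == ',').to_string();
    text.split("[[package]]").skip(1).map(|block| {
        let mut p: Pkg = Default::default();
        for line in block.lines().map(str::trim) {
            if let Some(v) = line.strip_prefix("name = ") { p.0 = unq(v) }
            else if let Some(v) = line.strip_prefix("version = ") { p.1 = unq(v) }
            else if line.starts_with('"') { p.2.push(unq(line).split(' ').next().unwrap().into()) }
        }
        p
    }).collect()
}
// Simplification: flag anything below the report's "Upgrade to >=0.2.23".
fn is_affected(ver: &str) -> bool {
    let n: Vec<u64> = ver.split('.').filter_map(|p| p.parse().ok()).collect();
    n.len() == 3 && (n[0], n[1], n[2]) < (0, 2, 23)
}
// Walk reverse dependencies (assumes an acyclic graph, one version per name).
fn chains(text: &str) -> Vec<String> {
    let (pkgs, mut out) = (parse_lock(text), Vec::new());
    let mut stack: Vec<(String, String)> = pkgs.iter().filter(|p| p.0 == "time" && is_affected(&p.1))
        .map(|p| (p.0.clone(), format!("{} {}", p.0, p.1))).collect();
    while let Some((cur, path)) = stack.pop() {
        let parents: Vec<&Pkg> = pkgs.iter().filter(|p| p.2.contains(&cur)).collect();
        if parents.is_empty() { out.push(path.clone()) }
        for p in parents { stack.push((p.0.clone(), format!("{} <- {} {}", path, p.0, p.1))) }
    }
    out
}
fn main() { for c in chains(SAMPLE_LOCK) { println!("{}", c) } }
```

An empty result from `chains` corresponds to the state the closing comment describes, where no flagged `time` version remains in the lockfile.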