Bug #5266

closed

rust: update time dependency

Added by Jeff Lucovsky about 2 years ago. Updated 3 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Crate:         time
Version:       0.1.44
Title:         Potential segfault in the time crate
Date:          2020-11-18
ID:            RUSTSEC-2020-0071
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:      Upgrade to >=0.2.23
Dependency tree: 
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev

Related issues 2 (0 open, 2 closed)

Related to Suricata - Bug #5439: Invalid certificate when Issuer is not present. (Closed, Philippe Antoine)
Copied from Suricata - Bug #5259: rust: update time dependency (Closed, Jason Ish)
#1

Updated by Jeff Lucovsky about 2 years ago

  • Copied from Bug #5259: rust: update time dependency added
#2

Updated by Victor Julien almost 2 years ago

  • Target version changed from 6.0.5 to 6.0.6
#3

Updated by Victor Julien almost 2 years ago

  • Target version changed from 6.0.6 to 6.0.7
#4

Updated by Victor Julien over 1 year ago

  • Target version changed from 6.0.7 to 6.0.8
#5

Updated by Victor Julien over 1 year ago

  • Target version changed from 6.0.8 to 6.0.9
#6

Updated by Victor Julien over 1 year ago

  • Target version changed from 6.0.9 to 6.0.10
#7

Updated by Jason Ish about 1 year ago

  • Target version changed from 6.0.10 to 6.0.11

Pushing forward 6.0.11.

This might be out of scope for 6.0 in general. Updating x509-parser to remove this time dependency requires us to move to x509-parser version 0.13.0 which requires Rust 1.53+.

Currently, Suricata 6.0.0 is still trying to support Rust 1.41.1.

#8

Updated by Jason Ish about 1 year ago

  • Target version changed from 6.0.11 to 6.0.12

Pushing forward again for the same reasons as before. Fixing this audit warning requires updating x509-parser and this ripples into updating the MSRV, etc.

#9

Updated by Victor Julien 12 months ago

  • Target version changed from 6.0.12 to 6.0.13
#10

Updated by Jason Ish 11 months ago

Do we want to keep carrying this forward? It does require non-trivial changes I believe, and a new MSRV.

#11

Updated by Victor Julien 11 months ago

  • Target version changed from 6.0.13 to 6.0.14
#12

Updated by Jason Ish 10 months ago

  • Related to Bug #5439: Invalid certificate when Issuer is not present. added
#13

Updated by Jason Ish 8 months ago

  • Target version changed from 6.0.14 to 6.0.15
#14

Updated by Jason Ish 6 months ago

  • Target version changed from 6.0.15 to 6.0.16
#15

Updated by Victor Julien 5 months ago

  • Target version changed from 6.0.16 to 6.0.17
#16

Updated by Victor Julien 3 months ago

  • Status changed from Assigned to Rejected
  • Assignee deleted (Jason Ish)
  • Target version deleted (6.0.17)

Rejecting as 6.0.x is now in extended support and EOL in 6 months.
