Project

General

Profile

Actions

Bug #5266

closed

rust: update time dependency

Added by Jeff Lucovsky over 2 years ago. Updated 11 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Crate:         time
Version:       0.1.44
Title:         Potential segfault in the time crate
Date:          2020-11-18
ID:            RUSTSEC-2020-0071
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:      Upgrade to >=0.2.23
Dependency tree: 
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #5439: Invalid certificate when Issuer is not present. ClosedPhilippe AntoineActions
Copied from Suricata - Bug #5259: rust: update time dependencyClosedJason IshActions
Actions #1

Updated by Jeff Lucovsky over 2 years ago

  • Copied from Bug #5259: rust: update time dependency added
Actions #2

Updated by Victor Julien over 2 years ago

  • Target version changed from 6.0.5 to 6.0.6
Actions #3

Updated by Victor Julien over 2 years ago

  • Target version changed from 6.0.6 to 6.0.7
Actions #4

Updated by Victor Julien about 2 years ago

  • Target version changed from 6.0.7 to 6.0.8
Actions #5

Updated by Victor Julien about 2 years ago

  • Target version changed from 6.0.8 to 6.0.9
Actions #6

Updated by Victor Julien about 2 years ago

  • Target version changed from 6.0.9 to 6.0.10
Actions #7

Updated by Jason Ish almost 2 years ago

  • Target version changed from 6.0.10 to 6.0.11

Pushing forward 6.0.11.

This might be out of scope for 6.0 in general. Updating x509-parser to remove this time dependency requires us to move to x509-parser version 0.13.0 which requires Rust 1.53+.

Currently, Suricata 6.0.0 is still trying to support Rust 1.41.1.

Actions #8

Updated by Jason Ish over 1 year ago

  • Target version changed from 6.0.11 to 6.0.12

Pushing forward again for the same reasons as before. Fixing this audit warning requires updating x509-parser and this ripples into updating the MSRV, etc.

Actions #9

Updated by Victor Julien over 1 year ago

  • Target version changed from 6.0.12 to 6.0.13
Actions #10

Updated by Jason Ish over 1 year ago

Do we want to keep carrying this forward? It does require non-trivial changes I believe, and a new MSRV.

Actions #11

Updated by Victor Julien over 1 year ago

  • Target version changed from 6.0.13 to 6.0.14
Actions #12

Updated by Jason Ish over 1 year ago

  • Related to Bug #5439: Invalid certificate when Issuer is not present. added
Actions #13

Updated by Jason Ish over 1 year ago

  • Target version changed from 6.0.14 to 6.0.15
Actions #14

Updated by Jason Ish about 1 year ago

  • Target version changed from 6.0.15 to 6.0.16
Actions #15

Updated by Victor Julien about 1 year ago

  • Target version changed from 6.0.16 to 6.0.17
Actions #16

Updated by Victor Julien 11 months ago

  • Status changed from Assigned to Rejected
  • Assignee deleted (Jason Ish)
  • Target version deleted (6.0.17)

Rejecting as 6.0.x is now in extended support and EOL in 6 months.

Actions

Also available in: Atom PDF