Skip to content
This repository has been archived by the owner on Oct 25, 2023. It is now read-only.

RUSTSEC-2020-0159: Potential segfault in localtime_r invocations #169

Open
github-actions bot opened this issue Oct 19, 2021 · 1 comment
Open

RUSTSEC-2020-0159: Potential segfault in localtime_r invocations #169

github-actions bot opened this issue Oct 19, 2021 · 1 comment

Comments

@github-actions
Copy link

Potential segfault in localtime_r invocations

Details
Package chrono
Version 0.4.19
URL chronotope/chrono#499
Date 2020-11-10

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

See advisory page for additional details.
@cljoly
Copy link
Owner

cljoly commented Oct 27, 2021

This is a security issue in a dependency of chronos, let's wait for an update

@cljoly cljoly mentioned this issue Oct 27, 2021
Closed
cljoly added a commit that referenced this issue Dec 2, 2021
@cljoly
chore: ignore some vulnerabilities that don’t affect us
a275bb0 
See #169 for more background
@cljoly cljoly mentioned this issue Dec 2, 2021
Merged
cljoly added a commit that referenced this issue Dec 2, 2021
@cljoly
chore: ignore some vulnerabilities that don’t affect us
7a42f68 
See #169 for more background
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cljoly