Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY] - upgrade chrono->time dependency #46

Closed
1 of 4 tasks
sagiegurari opened this issue Jun 10, 2023 · 1 comment
Closed
1 of 4 tasks

[SECURITY] - upgrade chrono->time dependency #46

sagiegurari opened this issue Jun 10, 2023 · 1 comment
Assignees
@veeso
Labels
security Security related issue

Comments

@sagiegurari
Copy link

Description

Chrono version used by this crate is really old and its using a really old time crate with a security issue (possible segmentation fault).
see
time-rs/time#293
chronotope/chrono#499

Severity:

  • critical
  • high
  • medium
  • low

A clear and concise description of the security vulnerability.

Additional information

Add any other context about the problem here.
@sagiegurari sagiegurari added the security Security related issue label Jun 10, 2023
@veeso
Copy link
Owner

veeso commented Jun 14, 2023

Thanks for reporting, fixed in 5.1.2

No, actually chrono is the latest version, the issue is that the latest version comes with the security issue if clock feature is not enabled.

veeso added a commit that referenced this issue Jun 14, 2023
@veeso
Added clock feature to chrono to overcome security issue with time <
d60245b 
#46>
@veeso veeso closed this as completed Jun 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@veeso veeso

Labels
security Security related issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sagiegurari @veeso