Skip to content

Commit

Permalink
Merge #135
Browse files Browse the repository at this point in the history
135: RUSTSEC-2020-0071 and RUSTSEC-2020-0159: Potential segfault in localtime_r invocations r=foresterre a=foresterre

Time crate has been updated, but we depend on chrono and are waiting for it to update. The PR is open but the maintainer seems unresponsive. For now, we'll wait a bit as it's actually very unlikely for the segfault to take place, and, the impact on cargo-msrv is not significant.
In time, we may want to replace chrono, assuming it's unmaintained.

ref chronotope/chrono#578

Co-authored-by: Martijn Gribnau <[email protected]>
  • Loading branch information
bors[bot] and foresterre authored Oct 21, 2021
2 parents a2bb835 + 50a183a commit fcea8a7
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions deny.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,13 @@ vulnerability = "deny"
unmaintained = "deny"
notice = "deny"
ignore = [
# stdweb is unmaintained
"RUSTSEC-2020-0056",

# Potential segfault in the time crate
# NB: has been fixed in time >=0.2.23, however waiting on chrono crate to update
# chrono PR: https://github.com/chronotope/chrono/pull/578
"RUSTSEC-2020-0071",
# Potential segfault in localtime_r invocations, see 0071
"RUSTSEC-2020-0159",
]

0 comments on commit fcea8a7

Please sign in to comment.