Bug 864004 - app-crypt/sequoia-sq: 'cargo audit' reports one or more bundled CRATES as vulnerable
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [stable?]
Reported: 2022-08-06 15:27 UTC by Agostino Sarubbo
Modified: 2023-12-24 08:28 UTC

Description Agostino Sarubbo gentoo-dev 2022-08-06 15:27:34 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (544 crate dependencies)
Crate:     chrono
Version:   0.4.19
Title:     Potential segfault in `localtime_r` invocations
Date:      2020-11-10
ID:        RUSTSEC-2020-0159
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:  Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate:     regex
Version:   1.5.4
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4

Crate:     thread_local
Version:   1.1.3
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 1.1.3

Crate:     time
Version:   0.1.43
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate:     aes-soft
Version:   0.6.4
Warning:   unmaintained
Title:     `aes-soft` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0060
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0060
Dependency tree:
aes-soft 0.6.4

Crate:     aesni
Version:   0.10.0
Warning:   unmaintained
Title:     `aesni` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0059
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0059
Dependency tree:
aesni 0.10.0

Crate:     serde_cbor
Version:   0.11.2
Warning:   unmaintained
Title:     serde_cbor is unmaintained
Date:      2021-08-15
ID:        RUSTSEC-2021-0127
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0127
Dependency tree:
serde_cbor 0.11.2

Crate:     term_size
Version:   0.3.2
Warning:   unmaintained
Title:     `term_size` is unmaintained; use `terminal_size` instead
Date:      2020-11-03
ID:        RUSTSEC-2020-0163
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0163
Dependency tree:
term_size 0.3.2

error: 4 vulnerabilities found!
warning: 4 allowed warnings found
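An offline version of the check described in the reproduction steps above, added here as an illustration; it is not code from cargo-audit, Gentoo or sequoia-sq. It reads the [[package]] entries of a Cargo.lock, compares each version against the "Upgrade to >=" versions of the four advisories in this report, and keeps the four "unmaintained" entries apart as warnings, matching the error/warning split in the summary lines of the report. The Cargo.lock content is constructed for the example (it is not the lock file generated by the sequoia-sq 0.31.0 build), and the range logic is a deliberate simplification: a crate counts as vulnerable when its version is below the single fix version, whereas cargo-audit evaluates the full patched and unaffected ranges from the advisory-db. The `render_lock`, `parse_lock`, `version_key`, `audit` and `exit_code` names are the example's own.

```python
"""Offline check of a Cargo.lock against the RustSec advisories in this report.

Added example; not code from cargo-audit, Gentoo or sequoia-sq.
"""
import re

# Fix versions as printed under "Solution: Upgrade to >=" in the report.
# Assumption (simplification): a crate is vulnerable iff its version is below
# that single fix version.  Real advisory-db entries may carry several
# patched or unaffected ranges, which cargo-audit evaluates in full.
ADVISORIES = [
    ("chrono",       "RUSTSEC-2020-0159", "0.4.20"),
    ("regex",        "RUSTSEC-2022-0013", "1.5.5"),
    ("thread_local", "RUSTSEC-2022-0006", "1.1.4"),
    ("time",         "RUSTSEC-2020-0071", "0.2.23"),
]
# "unmaintained" advisories have no fix version; the report counts them as
# allowed warnings, not vulnerabilities, so they do not fail the audit.
UNMAINTAINED = {
    "aes-soft":   "RUSTSEC-2021-0060",
    "aesni":      "RUSTSEC-2021-0059",
    "serde_cbor": "RUSTSEC-2021-0127",
    "term_size":  "RUSTSEC-2020-0163",
}


def render_lock(packages):
    """Build a minimal Cargo.lock text from (name, version) pairs.

    Constructed input for the example.  Real lock files also carry source,
    checksum and dependencies keys, which the checker below ignores.
    """
    body = "".join(f'\n[[package]]\nname = "{n}"\nversion = "{v}"\n'
                   for n, v in packages)
    return "# This file is automatically @generated by Cargo.\nversion = 3\n" + body


# Constructed package set (not the real sequoia-sq dependency tree).  It lists
# two versions of `time`, as a lock file does when different dependencies pin
# different major versions; only the old one must be flagged.
SAMPLE_PACKAGES = [
    ("aes-soft", "0.6.4"), ("aesni", "0.10.0"), ("chrono", "0.4.19"),
    ("regex", "1.5.4"), ("serde", "1.0.140"), ("serde_cbor", "0.11.2"),
    ("term_size", "0.3.2"), ("thread_local", "1.1.3"),
    ("time", "0.1.43"), ("time", "0.3.11"),
]
SAMPLE_LOCK = render_lock(SAMPLE_PACKAGES)


def parse_lock(text):
    """Return (name, version) pairs from the [[package]] tables of a Cargo.lock.

    Cargo.lock is TOML, but only these two keys are needed, so a regex walk
    over each [[package]] block avoids a TOML dependency.
    """
    pkgs = []
    for block in re.split(r"^\[\[package\]\]$", text, flags=re.M)[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version:
            pkgs.append((name.group(1), version.group(1)))
    return pkgs


def version_key(v):
    """Sort key for Cargo-style semver strings: "0.4.19" -> (0, 4, 19).

    A pre-release ("1.0.0-beta.1") sorts below the plain release.
    """
    core, _, pre = v.partition("-")
    return (tuple(int(x) for x in core.split(".")), pre == "", pre)


def audit(lock_text):
    """Split findings the way the report does: vulnerabilities vs. warnings."""
    vulns, warns = [], []
    for name, version in parse_lock(lock_text):
        for crate, advisory, fixed in ADVISORIES:
            if name == crate and version_key(version) < version_key(fixed):
                vulns.append((name, version, advisory, fixed))
        if name in UNMAINTAINED:
            warns.append((name, version, UNMAINTAINED[name]))
    return vulns, warns


def exit_code(lock_text):
    """Non-zero only for vulnerabilities; unmaintained crates stay warnings."""
    vulns, _ = audit(lock_text)
    return 1 if vulns else 0


if __name__ == "__main__":
    vulns, warns = audit(SAMPLE_LOCK)
    for name, ver, adv, fixed in vulns:
        print(f"error: {adv}: {name} {ver} (upgrade to >={fixed})")
    for name, ver, adv in warns:
        print(f"warning: {adv}: {name} {ver} is unmaintained")
    print(f"{len(vulns)} vulnerabilities found, {len(warns)} warnings")
    raise SystemExit(exit_code(SAMPLE_LOCK))
```

Run against a real lock file, the same functions apply to `open("Cargo.lock").read()`; the point of the example is the triage split, not the advisory coverage, which for a real build should still come from `cargo audit --file Cargo.lock` with a current advisory-db.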
Comment 1 Larry the Git Cow gentoo-dev 2023-12-24 02:55:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=681dd8889e4c38b9c2449257495567b0ab2daf6f

commit 681dd8889e4c38b9c2449257495567b0ab2daf6f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-12-24 02:29:27 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-24 02:30:04 +0000

    app-crypt/sequoia-sq: drop 0.31.0
    
    Bug: https://bugs.gentoo.org/862300
    Bug: https://bugs.gentoo.org/864004
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/sequoia-sq/sequoia-sq-0.31.0.ebuild | 511 --------------------------
 1 file changed, 511 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=254d4abc8fc14cc0d6a4fd9b90170f0a0280f061

commit 254d4abc8fc14cc0d6a4fd9b90170f0a0280f061
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-12-24 02:29:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-24 02:30:02 +0000

    app-crypt/sequoia-sq: add 0.32.0
    
    Bug: https://bugs.gentoo.org/862300
    Bug: https://bugs.gentoo.org/864004
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/sequoia-sq/Manifest                 | 261 +++++++++++++
 app-crypt/sequoia-sq/sequoia-sq-0.32.0.ebuild | 531 ++++++++++++++++++++++++++
 2 files changed, 792 insertions(+)