Bug 864034 - <app-shells/starship-{1.10.3-r1, 1.11.0-r1, 1.12.0}: 'cargo audit' reports one or more bundled CRATES as vulnerable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: ?? [noglsa]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2022-08-06 15:30 UTC by Agostino Sarubbo
Modified: 2022-12-24 07:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2022-08-06 15:30:05 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (418 crate dependencies)
Crate:     chrono
Version:   0.4.19
Title:     Potential segfault in `localtime_r` invocations
Date:      2020-11-10
ID:        RUSTSEC-2020-0159
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:  Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44

error: 2 vulnerabilities found!
Comment 1 Larry the Git Cow gentoo-dev 2022-12-24 07:18:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fae67e5cc0997c5425fcc37f74e7c1008a17c52

commit 0fae67e5cc0997c5425fcc37f74e7c1008a17c52
Author:     Alexey Zapparov <alexey@zapparov.com>
AuthorDate: 2022-12-21 22:34:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-24 07:15:59 +0000

    app-shells/starship: revbump 1.10.3-r1
    
    Bug: https://bugs.gentoo.org/864034
    Signed-off-by: Alexey Zapparov <alexey@zapparov.com>
    Closes: https://github.com/gentoo/gentoo/pull/28749
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/starship-1.10.3-no-old-time.patch        | 109 +++++++++++++++++++++
 ...hip-1.10.3.ebuild => starship-1.10.3-r1.ebuild} |   2 +
 2 files changed, 111 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=414064d809ff6df04fab405773686a63f8b89cc3

commit 414064d809ff6df04fab405773686a63f8b89cc3
Author:     Alexey Zapparov <alexey@zapparov.com>
AuthorDate: 2022-12-21 22:18:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-24 07:15:59 +0000

    app-shells/starship: revbump 1.11.0-r1
    
    Bug: https://bugs.gentoo.org/864034
    Signed-off-by: Alexey Zapparov <alexey@zapparov.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/starship-1.11.0-no-old-time.patch        | 109 +++++++++++++++++++++
 ...hip-1.11.0.ebuild => starship-1.11.0-r1.ebuild} |   2 +
 2 files changed, 111 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be353eed8fd5aa0ddb07c2d9ccc25b9171dbb3f3

commit be353eed8fd5aa0ddb07c2d9ccc25b9171dbb3f3
Author:     Alexey Zapparov <alexey@zapparov.com>
AuthorDate: 2022-12-21 22:09:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-24 07:15:59 +0000

    app-shells/starship: add 1.12.0
    
    Bug: https://bugs.gentoo.org/864034
    Signed-off-by: Alexey Zapparov <alexey@zapparov.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-shells/starship/Manifest                       |  94 +++++
 .../files/starship-1.12.0-no-old-time.patch        | 109 ++++++
 app-shells/starship/starship-1.12.0.ebuild         | 431 +++++++++++++++++++++
 3 files changed, 634 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-24 07:27:12 UTC
All done, thank you!