Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (209 crate dependencies)

Crate: ammonia
Version: 3.1.2
Title: Space bug in `clean_text`
Date: 2022-01-19
ID: RUSTSEC-2022-0003
URL: https://rustsec.org/advisories/RUSTSEC-2022-0003
Solution: Upgrade to >=3.1.3
Dependency tree:
ammonia 3.1.2

Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate: time
Version: 0.1.43
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate: net2
Version: 0.2.37
Warning: unmaintained
Title: `net2` crate has been deprecated; use `socket2` instead
Date: 2020-05-01
ID: RUSTSEC-2020-0016
URL: https://rustsec.org/advisories/RUSTSEC-2020-0016
Dependency tree:
net2 0.2.37

error: 3 vulnerabilities found!
warning: 1 allowed warning found

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3467a8bcf979ca71be57ed2bebdbfdb84258ce17

commit 3467a8bcf979ca71be57ed2bebdbfdb84258ce17
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2023-02-09 00:35:32 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2023-02-09 00:43:32 +0000

    app-text/mdbook: add 0.4.26

    wrt bug #864040, cargo audit now gives a clean bill of health
    and just pending stable & cleanup

    Bug: https://bugs.gentoo.org/864040
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-text/mdbook/Manifest | 19 +++
 app-text/mdbook/mdbook-0.4.26.ebuild | 267 +++++++++++++++++++++++++++++++++++
 2 files changed, 286 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f331fad5cde756f46bc9c3decf3bf88722f29e4

commit 5f331fad5cde756f46bc9c3decf3bf88722f29e4
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2023-02-13 16:22:49 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2023-02-13 16:22:51 +0000

    app-text/mdbook: drop 0.4.26, and vulnerable 0.4.25

    Bug: https://bugs.gentoo.org/864040
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-text/mdbook/Manifest | 24 ----
 app-text/mdbook/mdbook-0.4.25.ebuild | 267 -----------------------------------
 app-text/mdbook/mdbook-0.4.26.ebuild | 267 -----------------------------------
 3 files changed, 558 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea7266e23ffa61e43e408b789dd5651ad9d51651

commit ea7266e23ffa61e43e408b789dd5651ad9d51651
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2023-02-13 16:20:44 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2023-02-13 16:20:48 +0000

    app-text/mdbook: stabilize 0.4.27 for amd64

    Almost no code changes from 0.4.26 beside an API regression
    fix, so let's stable this one right away.

    Bug: https://bugs.gentoo.org/864040
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 app-text/mdbook/mdbook-0.4.27.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Thanks!