| Summary: | app-benchmarks/hyperfine: 'cargo audit' reports one or more bundled CRATES as vulnerable | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | gyakovlev |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Dear maintainer(s), 'cargo audit' reports one or more bundled CRATES as vulnerable. To reproduce please install dev-util/cargo-audit and run: cargo audit --file Cargo.lock where Cargo.lock is generated during the build of this package. For simplicity, I'm attaching here the content of 'cargo audit' here: Loaded 433 security advisories (from /tmp/advisory-db) Scanning Cargo.lock for vulnerabilities (128 crate dependencies) Crate: regex Version: 1.4.1 Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse Date: 2022-03-08 ID: RUSTSEC-2022-0013 URL: https://rustsec.org/advisories/RUSTSEC-2022-0013 Solution: Upgrade to >=1.5.5 Dependency tree: regex 1.4.1 Crate: regex Version: 1.5.4 Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse Date: 2022-03-08 ID: RUSTSEC-2022-0013 URL: https://rustsec.org/advisories/RUSTSEC-2022-0013 Solution: Upgrade to >=1.5.5 Dependency tree: regex 1.5.4 Crate: term_size Version: 0.3.2 Warning: unmaintained Title: `term_size` is unmaintained; use `terminal_size` instead Date: 2020-11-03 ID: RUSTSEC-2020-0163 URL: https://rustsec.org/advisories/RUSTSEC-2020-0163 Dependency tree: term_size 0.3.2 error: 2 vulnerabilities found! warning: 1 allowed warning found