| Summary: | app-i18n/yaskkserv2: 'cargo audit' reports one or more bundled CRATES as vulnerable | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | cjk |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Dear maintainer(s), 'cargo audit' reports one or more bundled CRATES as vulnerable. To reproduce please install dev-util/cargo-audit and run: cargo audit --file Cargo.lock where Cargo.lock is generated during the build of this package. For simplicity, I'm attaching here the content of 'cargo audit' here: Loaded 433 security advisories (from /tmp/advisory-db) Scanning Cargo.lock for vulnerabilities (151 crate dependencies) Crate: smallvec Version: 0.6.10 Title: Buffer overflow in SmallVec::insert_many Date: 2021-01-08 ID: RUSTSEC-2021-0003 URL: https://rustsec.org/advisories/RUSTSEC-2021-0003 Solution: Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1 Dependency tree: smallvec 0.6.10 Crate: time Version: 0.1.42 Title: Potential segfault in the time crate Date: 2020-11-18 ID: RUSTSEC-2020-0071 URL: https://rustsec.org/advisories/RUSTSEC-2020-0071 Solution: Upgrade to >=0.2.23 Dependency tree: time 0.1.42 error: 2 vulnerabilities found!