| Summary: | app-misc/weggli: 'cargo audit' reports one or more bundled CRATES as vulnerable | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | matthew |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~? [upstream] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2022-08-06 15:29:27 UTC
weggli-0.2.4 still has the vulnerable crates in its lockfile. Unsure how impactful these vulnerabilities are as they are used in this package, but I will try and find the time to update them and send a patch upstream. (I imagine that chrono-0.4.19 -> chrono-0.4.20 will be trivial, while nix-0.17.0->nix-0.24.2 will require changes.)