Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 864007 - app-crypt/sequoia-sqv: 'cargo audit' reports one or more bundled CRATES as vulnerable
Summary: app-crypt/sequoia-sqv: 'cargo audit' reports one or more bundled CRATES as vu...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2022-08-06 15:28 UTC by Agostino Sarubbo
Modified: 2022-08-06 15:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2022-08-06 15:28:09 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching here the content of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (149 crate dependencies)
Crate:     chrono
Version:   0.4.19
Title:     Potential segfault in `localtime_r` invocations
Date:      2020-11-10
ID:        RUSTSEC-2020-0159
Solution:  Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate:     regex
Version:   1.5.4
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4

Crate:     time
Version:   0.1.43
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate:     difference
Version:   2.0.0
Warning:   unmaintained
Title:     difference is unmaintained
Date:      2020-12-20
ID:        RUSTSEC-2020-0095
Dependency tree:
difference 2.0.0

Crate:     failure
Version:   0.1.8
Warning:   unmaintained
Title:     failure is officially deprecated/unmaintained
Date:      2020-05-02
ID:        RUSTSEC-2020-0036
Dependency tree:
failure 0.1.8

Crate:     term_size
Version:   0.3.2
Warning:   unmaintained
Title:     `term_size` is unmaintained; use `terminal_size` instead
Date:      2020-11-03
ID:        RUSTSEC-2020-0163
Dependency tree:
term_size 0.3.2

error: 3 vulnerabilities found!
warning: 3 allowed warnings found