Dear maintainer(s), 'cargo audit' reports one or more bundled CRATES as vulnerable. To reproduce please install dev-util/cargo-audit and run: cargo audit --file Cargo.lock where Cargo.lock is generated during the build of this package. For simplicity, I'm attaching here the content of 'cargo audit' here: Loaded 433 security advisories (from /tmp/advisory-db) Scanning Cargo.lock for vulnerabilities (149 crate dependencies) Crate: chrono Version: 0.4.19 Title: Potential segfault in `localtime_r` invocations Date: 2020-11-10 ID: RUSTSEC-2020-0159 URL: https://rustsec.org/advisories/RUSTSEC-2020-0159 Solution: Upgrade to >=0.4.20 Dependency tree: chrono 0.4.19 Crate: regex Version: 1.5.4 Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse Date: 2022-03-08 ID: RUSTSEC-2022-0013 URL: https://rustsec.org/advisories/RUSTSEC-2022-0013 Solution: Upgrade to >=1.5.5 Dependency tree: regex 1.5.4 Crate: time Version: 0.1.43 Title: Potential segfault in the time crate Date: 2020-11-18 ID: RUSTSEC-2020-0071 URL: https://rustsec.org/advisories/RUSTSEC-2020-0071 Solution: Upgrade to >=0.2.23 Dependency tree: time 0.1.43 Crate: difference Version: 2.0.0 Warning: unmaintained Title: difference is unmaintained Date: 2020-12-20 ID: RUSTSEC-2020-0095 URL: https://rustsec.org/advisories/RUSTSEC-2020-0095 Dependency tree: difference 2.0.0 Crate: failure Version: 0.1.8 Warning: unmaintained Title: failure is officially deprecated/unmaintained Date: 2020-05-02 ID: RUSTSEC-2020-0036 URL: https://rustsec.org/advisories/RUSTSEC-2020-0036 Dependency tree: failure 0.1.8 Crate: term_size Version: 0.3.2 Warning: unmaintained Title: `term_size` is unmaintained; use `terminal_size` instead Date: 2020-11-03 ID: RUSTSEC-2020-0163 URL: https://rustsec.org/advisories/RUSTSEC-2020-0163 Dependency tree: term_size 0.3.2 error: 3 vulnerabilities found! warning: 3 allowed warnings found
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c9863f1218b638ab6c5f5eb74c21e31d0f6dca9 commit 8c9863f1218b638ab6c5f5eb74c21e31d0f6dca9 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-06-03 00:43:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-06-03 00:43:30 +0000 app-crypt/sequoia-sqv: drop 1.1.0-r2 Closes: https://bugs.gentoo.org/864007 Closes: https://bugs.gentoo.org/925434 Closes: https://bugs.gentoo.org/928865 Signed-off-by: Sam James <sam@gentoo.org> app-crypt/sequoia-sqv/Manifest | 160 ------------- app-crypt/sequoia-sqv/sequoia-sqv-1.1.0-r2.ebuild | 276 ---------------------- 2 files changed, 436 deletions(-)