Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

    cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (104 crate dependencies)
Crate: regex
Version: 1.5.4
Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date: 2022-03-08
ID: RUSTSEC-2022-0013
URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution: Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4

error: 1 vulnerability found!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba93f7ddcc4c267e6559657bd41e2f4a68491bbb

commit ba93f7ddcc4c267e6559657bd41e2f4a68491bbb
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2022-08-07 13:18:02 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2022-08-07 13:59:03 +0000

    dev-python/adblock: drop vulnerable 0.5.2-r1

    Bug: https://bugs.gentoo.org/864046
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 dev-python/adblock/Manifest | 41 -------------
 dev-python/adblock/adblock-0.5.2-r1.ebuild | 99 ------------------------------
 2 files changed, 140 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c175999cbb5023c2ed978518225cbd94a8bd8aee

commit c175999cbb5023c2ed978518225cbd94a8bd8aee
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2022-08-07 13:17:43 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2022-08-07 13:59:03 +0000

    dev-python/adblock: stabilize 0.6.0 for amd64

    Uses regex-1.6.0 wrt bug #864046

    Bug: https://bugs.gentoo.org/864046
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 dev-python/adblock/adblock-0.6.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)