Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 864052 - dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable
Summary: dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2022-08-06 15:32 UTC by Agostino Sarubbo
Modified: 2022-09-27 02:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2022-08-06 15:32:02 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching here the content of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (81 crate dependencies)
Crate:     rustc-serialize
Version:   0.3.24
Title:     Stack overflow in rustc_serialize when parsing deeply nested JSON
Date:      2022-01-01
ID:        RUSTSEC-2022-0004
Solution:  No fixed upgrade is available!
Dependency tree:
rustc-serialize 0.3.24

Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.44

Crate:     term
Version:   0.5.2
Warning:   unmaintained
Title:     term is looking for a new maintainer
Date:      2018-11-19
ID:        RUSTSEC-2018-0015
Dependency tree:
term 0.5.2

error: 2 vulnerabilities found!
warning: 1 allowed warning found
Comment 1 Larry the Git Cow gentoo-dev 2022-09-27 02:57:49 UTC
The bug has been referenced in the following commit(s):

commit f11dfc367b0aeacfab501add2182a37d9387b8b1
Author:     Georgy Yakovlev <>
AuthorDate: 2022-09-27 02:57:13 +0000
Commit:     Georgy Yakovlev <>
CommitDate: 2022-09-27 02:57:18 +0000

    dev-util/bingrep: drop 0.10.0
    Signed-off-by: Georgy Yakovlev <>

 dev-util/bingrep/Manifest              |  35 -----------
 dev-util/bingrep/bingrep-0.10.0.ebuild | 106 ---------------------------------
 2 files changed, 141 deletions(-)