Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (81 crate dependencies)

Crate: rustc-serialize
Version: 0.3.24
Title: Stack overflow in rustc_serialize when parsing deeply nested JSON
Date: 2022-01-01
ID: RUSTSEC-2022-0004
URL: https://rustsec.org/advisories/RUSTSEC-2022-0004
Solution: No fixed upgrade is available!
Dependency tree:
rustc-serialize 0.3.24

Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44

Crate: term
Version: 0.5.2
Warning: unmaintained
Title: term is looking for a new maintainer
Date: 2018-11-19
ID: RUSTSEC-2018-0015
URL: https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree:
term 0.5.2

error: 2 vulnerabilities found!
warning: 1 allowed warning found

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f11dfc367b0aeacfab501add2182a37d9387b8b1

commit f11dfc367b0aeacfab501add2182a37d9387b8b1
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-09-27 02:57:13 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-09-27 02:57:18 +0000

dev-util/bingrep: drop 0.10.0

Bug: https://bugs.gentoo.org/864052
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

dev-util/bingrep/Manifest | 35 -----------
dev-util/bingrep/bingrep-0.10.0.ebuild | 106 ---------------------------------
2 files changed, 141 deletions(-)