Update Rust crate insta to 1.43.1 #959
Security advisories found
12 unmaintained, 1 unsound
Details
Warnings
RUSTSEC-2024-0413
gtk-rs GTK3 bindings - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | atk |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at gtk4-rs instead.
### [RUSTSEC-2024-0416](https://rustsec.org/advisories/RUSTSEC-2024-0416.html)
> gtk-rs GTK3 bindings - no longer maintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | unmaintained |
| Package | `atk-sys` |
| Version | `0.18.2` |
| URL | [https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6](https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6) |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at [gtk4-rs](https://github.com/gtk-rs/gtk4-rs) instead.
RUSTSEC-2024-0412
gtk-rs GTK3 bindings - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | gdk |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at gtk4-rs instead.
### [RUSTSEC-2024-0418](https://rustsec.org/advisories/RUSTSEC-2024-0418.html)
> gtk-rs GTK3 bindings - no longer maintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | unmaintained |
| Package | `gdk-sys` |
| Version | `0.18.2` |
| URL | [https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6](https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6) |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at [gtk4-rs](https://github.com/gtk-rs/gtk4-rs) instead.
RUSTSEC-2024-0411
gtk-rs GTK3 bindings - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | gdkwayland-sys |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at gtk4-rs instead.
### [RUSTSEC-2024-0417](https://rustsec.org/advisories/RUSTSEC-2024-0417.html)
> gtk-rs GTK3 bindings - no longer maintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | unmaintained |
| Package | `gdkx11` |
| Version | `0.18.2` |
| URL | [https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6](https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6) |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at [gtk4-rs](https://github.com/gtk-rs/gtk4-rs) instead.
RUSTSEC-2024-0414
gtk-rs GTK3 bindings - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | gdkx11-sys |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at gtk4-rs instead.
### [RUSTSEC-2024-0415](https://rustsec.org/advisories/RUSTSEC-2024-0415.html)
> gtk-rs GTK3 bindings - no longer maintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | unmaintained |
| Package | `gtk` |
| Version | `0.18.2` |
| URL | [https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6](https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6) |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at [gtk4-rs](https://github.com/gtk-rs/gtk4-rs) instead.
RUSTSEC-2024-0420
gtk-rs GTK3 bindings - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | gtk-sys |
| Version | 0.18.2 |
| URL | gtk-rs/gtk3-rs@508a69b |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at gtk4-rs instead.
### [RUSTSEC-2024-0419](https://rustsec.org/advisories/RUSTSEC-2024-0419.html)
> gtk-rs GTK3 bindings - no longer maintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | unmaintained |
| Package | `gtk3-macros` |
| Version | `0.18.2` |
| URL | [https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6](https://github.com/gtk-rs/gtk3-rs/commit/508a69b63a3c5bf73790e0e59101a955847f30d6) |
| Date | 2024-03-04 |
The gtk-rs GTK3 bindings are no longer maintained.
The maintainers have archived the repository, and added a note to the crate
description and its README.md that the crates are no longer maintained.
Please take a look at [gtk4-rs](https://github.com/gtk-rs/gtk4-rs) instead.
RUSTSEC-2024-0436
paste - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | paste |
| Version | 1.0.15 |
| URL | https://github.com/dtolnay/paste |
| Date | 2024-10-07 |
The creator of the crate paste has stated in the README.md
that this project is not longer maintained as well as archived the repository
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.
Possible Alternative(s)
RUSTSEC-2024-0429
Unsoundness in
IteratorandDoubleEndedIteratorimpls forglib::VariantStrIter
| Details | |
|---|---|
| Status | unsound |
| Package | glib |
| Version | 0.18.5 |
| URL | gtk-rs/gtk-rs-core#1343 |
| Date | 2024-03-30 |
The VariantStrIter::impl_get function (called internally by implementations of the Iterator and DoubleEndedIterator traits for this type) was unsound, resulting in undefined behaviour.
An immutable reference &p to a *mut libc::c_char pointer initialized to NULL was passed as an argument to a C function that that mutates the pointer behind &p in-place (i.e. as an out-argument), which was unsound. After changes in recent versions of the Rust compiler, these unsound writes through &p now seem to be completely disregarded when building the glib crate with optimizations.
This subsequently caused all calls of VariantStrIter::impl_get to violate the safety requirements of the std::ffi::CStr::from_ptr function - which requires its argument to be a valid pointer to a C-style string - resulting in crashes due to NULL pointer dereferences.
This was fixed by passing the out-argument pointer explitly as &mut p instead of &p.
This issue has been present since this code was initially added in glib v0.15.0. The mismatch in mutability was likely missed (and not raised as an error by the compiler) because the C function wrapped by VariantStrIter::impl_get is variadic (glib_sys::g_variant_get_child), and the pointer in question is one of the variadic arguments.