
RUSTSEC-2020-0159: Potential segfault in localtime_r invocations #400


Closed
github-actions bot opened this issue Oct 19, 2021 · 7 comments

@github-actions
Contributor

Potential segfault in localtime_r invocations

Details
Package: chrono
Version: 0.4.19
URL: chronotope/chrono#499
Date: 2020-11-10

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

See advisory page for additional details.

@kate-goldenring
Contributor

See background from #398 (comment)

@github-actions
Contributor Author

github-actions bot commented Feb 1, 2022

Issue has been automatically marked as stale due to inactivity for 90 days. Update the issue to remove label, otherwise it will be automatically closed.

@kate-goldenring
Contributor

Still active when running cargo audit locally, but it looks like kube-rs took steps to mitigate using vulnerable features of chrono: kube-rs/kube#650

@Ragnyll
Contributor

Ragnyll commented May 3, 2022

This is the comment I was referencing in today's meeting saying that it might not affect this. chronotope/chrono#578 (comment)

I'll need to remind myself what this means in reference to kube-rs though. I may be wrong here.

@kate-goldenring
Contributor

> This is the comment I was referencing in today's meeting saying that it might not affect this. chronotope/chrono#578 (comment)
>
> I'll need to remind myself what this means in reference to kube-rs though. I may be wrong here.

Thanks. Looks like once chrono removes the dependency on time and kube-rs uses the latest chrono, this will go away.

@github-actions
Contributor Author

github-actions bot commented Aug 2, 2022

Issue has been automatically marked as stale due to inactivity for 90 days. Update the issue to remove label, otherwise it will be automatically closed.

@github-actions
Contributor Author

Issue has been automatically marked as stale due to inactivity for 90 days. Update the issue to remove label, otherwise it will be automatically closed.

@github-actions github-actions bot added the stale label Jan 31, 2023
@github-actions github-actions bot closed this as not planned May 2, 2023
@kate-goldenring kate-goldenring moved this to Done in Akri Roadmap Oct 3, 2023