Closed vext01 closed 3 years ago
Linking the relevant issue here for posterity: danburkert/memmap-rs/issues/90
I don't have the time or resources to maintain that crate myself. In the thread there seems to be a consensus to wait a week on if this advisory triggers any action to try to move things. As the crate is relatively small and just does one thing properly there's not really a risk of security issues with it. It's just annoying right now as it blocks fixing a bug (make MAP_ANON maps non MAP_SHARED).
Current candidate for replacement is memmap2
. I also already merged a fix for the MAP_SHARED | MAP_ANON issue there.
Sounds good! Shall we go ahead with the switch?
Any thoughts on this? Our weekly audit is still flagging this as a problem.
Whoops I completely forgot about this, life got a bit in the way. I need to do a bit of branching to get that in right now because there's some stuff on dev staged that needs a new major release but also some more evaluation first.
Fixed in 1.0.1, which was just released.
Great! Thanks!
On Tue, 12 Jan 2021, 00:42 CensoredUsername, notifications@github.com wrote:
Closed #52 https://github.com/CensoredUsername/dynasm-rs/issues/52.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/CensoredUsername/dynasm-rs/issues/52#event-4193438938, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAETWG2TJXAWRLJGQ6QAXZ3SZOLHVANCNFSM4UQJIW4Q .
I know you are aware of this @CensoredUsername, however
cargo audit
has just recently started complaining about it:I think you said you had another library in mind. Is it time to switch to it perhaps?