Nullus157 / cbor-diag-rs

Support for parsing/encoding CBOR diagnostic notation and annotated hex
https://cbor.nemo157.com
Apache License 2.0
9 stars 6 forks

RUSTSEC-2020-0159 - Potential segfault in localtime_r invocations #119

Closed (fmorency closed 1 year ago)

fmorency commented 1 year ago

Affects chrono < 0.4.20

See https://rustsec.org/advisories/RUSTSEC-2020-0159

Nemo157 commented 1 year ago

The library's dependency version requirement allows for users to use a fixed version. The CLI is unaffected because it is single-threaded.

Nemo157 commented 1 year ago

(It probably is still worth bumping the minimum requirement to a fixed one though).

fmorency commented 1 year ago

> (It probably is still worth bumping the minimum requirement to a fixed one though).

Yes! cargo audit will complain otherwise.

Nemo157 commented 1 year ago

I just published cbor-diag 0.1.10 which bumps the minimum supported chrono version to 0.4.22.