kata-containers / cgroups-rs

Native Rust library for managing control groups under Linux
https://crates.io/crates/cgroups-rs

Update to nix 0.20.2 #58

Closed bjax15 closed 2 years ago

bjax15 commented 3 years ago

Describe the bug: A vulnerability has been reported to RustSec for the nix 0.20.0 crate. The affected function doesn't look to be used in this crate; however, using cargo audit will trip on the 0.20.0 dependency nonetheless.

Expected behavior: Running cargo audit without error.

Additional context: RustSec entry:

Crate:         nix
Version:       0.20.0
Title:         Out-of-bounds write in nix::unistd::getgrouplist
Date:          2021-09-27
ID:            RUSTSEC-2021-0119
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0

Tim-Zhang commented 3 years ago

As a library we don't have a Cargo.lock in our repo so that users can upgrade the nix version by themselves.

Tim-Zhang commented 2 years ago

Ah, it makes sense if the major number is different.
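
The advisory's Solution line from this thread, read under Cargo's caret rules and applied to a lockfile, as an added example (not code from cgroups-rs or cargo-audit). The lockfile fragment and the package name `example-app` are constructed, and the advisory's unaffected range is not on the page, so it is not modelled.

```rust
// Added example. Patched ranges are copied from the "Solution" line in the issue:
// ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
type Version = (u64, u64, u64);

/// Parse "MAJOR.MINOR.PATCH"; anything else (pre-release tags, etc.) yields None.
fn parse(v: &str) -> Option<Version> {
    let mut it = v.split('.').map(|p| p.parse::<u64>().ok());
    let ver = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(ver) }
}

/// Cargo caret rule: the left-most non-zero component must not change,
/// so for 0.x releases the minor number acts as the major number.
fn caret_matches(req: Version, v: Version) -> bool {
    v >= req && match req {
        (0, 0, _) => v == req,
        (0, minor, _) => v.0 == 0 && v.1 == minor,
        (major, _, _) => v.0 == major,
    }
}

fn is_patched(v: Version) -> bool {
    const CARET: [Version; 3] = [(0, 20, 2), (0, 21, 2), (0, 22, 2)];
    CARET.iter().any(|&r| caret_matches(r, v)) || v >= (0, 23, 0)
}

/// Return every `nix` version in a Cargo.lock text that is outside the patched
/// ranges. Unparseable versions are reported too rather than silently passed.
fn unpatched_nix(lock: &str) -> Vec<String> {
    let mut name = "";
    let mut hits = Vec::new();
    for line in lock.lines() {
        if let Some(n) = line.strip_prefix("name = ") {
            name = n.trim_matches('"');
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if name == "nix" && !parse(v).map_or(false, is_patched) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed Cargo.lock fragment of a hypothetical downstream application.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"example-app\"\nversion = \"0.1.0\"\n\n[[package]]\nname = \"nix\"\nversion = \"0.20.0\"\n\n[[package]]\nname = \"nix\"\nversion = \"0.22.3\"\n";

fn main() {
    println!("unpatched nix versions: {:?}", unpatched_nix(SAMPLE_LOCK));
}
```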