New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RUSTSEC-2020-0159: Potential segfault in localtime_r
invocations
#2928
Comments
Just wanted to add that at quickwit/tantivy we removed chrono in favor of time (https://crates.io/crates/time), since chrono is unmaintained. |
@PSeitz We do not have any planes to remove chrono as:
As for using time: I would accept a PR adding support for the corresponding time types, but I personally do not have any plan to implement that in the next weeks/months. |
Considering the advisory has been withdrawn (https://rustsec.org/advisories/RUSTSEC-2020-0159.html) and chrono is an opt-in we can probably close this. |
The allowlist item has been introduced by diesel-rs#2928 & diesel-rs#2955. The item is no longer needed after chrono has been fixed on 0.4.20 in diesel-rs#3264.
chrono
0.4.19
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
Workarounds
No workarounds are known.
References
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: