[token-2022] Vulnerable dependencies (TOK-STK-3) #3697

Closed
samkim-crypto opened this issue Oct 12, 2022 · 1 comment
Labels
stale [bot only] Added to stale content; will be closed soon

Comments

@samkim-crypto
Contributor

Description

The result from the cargo audit command shows there is one crate (time) with a known vulnerability.

❯ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 458 security advisories (from /Users/andershelsing/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (651 crate dependencies)
Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23

Recommendations

Short term, triage the use of the vulnerability in the time crate, and upgrade to a version where it is patched.
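
As an added example (not code from this issue or from the project), one way to start the triage recommended above is to walk the reverse dependency edges in `Cargo.lock` and list every crate that reaches the flagged `time 0.1.44`. The lockfile excerpt is constructed; every crate name in it other than `time`, the `0.3.17` version, and the function name `exposed` are assumptions made for illustration.

```rust
use std::collections::BTreeSet;

// Constructed lockfile excerpt (not the project's); crates other than `time` are hypothetical.
const LOCK: &str = r#"
[[package]]
name = "date-helper"
version = "1.0.0"
dependencies = [
 "time 0.1.44",
]
[[package]]
name = "log-fmt"
version = "2.1.0"
dependencies = [
 "time 0.3.17",
]
[[package]]
name = "my-program"
version = "0.1.0"
dependencies = [
 "date-helper",
]
"#;

/// Returns the flagged `name version` plus every crate that reaches it.
fn exposed(lock: &str, name: &str, version: &str) -> BTreeSet<String> {
    let mut pkgs: Vec<(String, Vec<String>)> = Vec::new(); // ("name version", deps)
    for line in lock.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") {
            pkgs.push((n.trim_matches('"').to_string(), Vec::new()));
        } else if let Some(p) = pkgs.last_mut() {
            if let Some(v) = line.strip_prefix("version = ") {
                p.0 = format!("{} {}", p.0, v.trim_matches('"'));
            } else if line.starts_with('"') {
                p.1.push(line.trim_matches(|c: char| c == '"' || c == ',').to_string());
            }
        }
    }
    // A dependency entry is "name" if one version is locked, else "name version [(source)]".
    let refers = |d: &String, h: &String| d == h || h.starts_with(&format!("{d} ")) || d.starts_with(&format!("{h} "));
    let mut hit = BTreeSet::from([format!("{name} {version}")]);
    loop {
        let before = hit.len(); // repeat until no new reverse dependency is found
        for (id, deps) in &pkgs {
            if deps.iter().any(|d| hit.iter().any(|h| refers(d, h))) { hit.insert(id.clone()); }
        }
        if hit.len() == before { return hit; }
    }
}
fn main() { println!("{:#?}", exposed(LOCK, "time", "0.1.44")); }
```

On a real checkout, `cargo tree -i time@0.1.44` prints the same inverted view straight from the workspace.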

@joncinque joncinque moved this to Audits in SPL Token 22 Apr 17, 2023
@github-actions github-actions bot added the stale [bot only] Added to stale content; will be closed soon label Oct 12, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 19, 2023
@github-project-automation github-project-automation bot moved this from Audits to Closed in SPL Token 22 Oct 19, 2023
@joncinque joncinque removed the stale [bot only] Added to stale content; will be closed soon label Oct 19, 2023
@joncinque joncinque reopened this Oct 19, 2023
@github-project-automation github-project-automation bot moved this from Closed to Needs triage in SPL Token 22 Oct 19, 2023
@joncinque joncinque moved this from Needs triage to Audits in SPL Token 22 Oct 19, 2023
@github-actions github-actions bot added the stale [bot only] Added to stale content; will be closed soon label Oct 21, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 29, 2024
@github-project-automation github-project-automation bot moved this from Audits to Closed in SPL Token 22 Oct 29, 2024
@joncinque
Contributor

Looks like this was actually fixed a while back! But I can't find the PR that did it. It was definitely before we removed the audit ignore with #7113.
