Skip to content
This repository has been archived by the owner on Mar 11, 2024. It is now read-only.

Security vulnerability with time: v0.1.43 #196

Closed
appetrosyan opened this issue Dec 6, 2021 · 1 comment
Closed

Security vulnerability with time: v0.1.43 #196

appetrosyan opened this issue Dec 6, 2021 · 1 comment

Comments

@appetrosyan
Copy link
Contributor

appetrosyan commented Dec 6, 2021
edited
Loading

Hi, we're using ursa in hyperledger iroha, When we ran cargo audit We found

Crate:         time
Version:       0.1.43
Title:         Potential segfault in the time crate
Date:          2020-11-18
ID:            RUSTSEC-2020-0071
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:      Upgrade to >=0.2.23
Dependency tree: 
time 0.1.43

And cargo tree showed time as a direct dependency of ursa.
@appetrosyan appetrosyan reopened this Dec 6, 2021
@hartm
Copy link
Contributor

hartm commented Dec 13, 2021

I think time is only used for performance benchmarking, so this shouldn't be a security vulnerability for Ursa. But it definitely should be updated, so thanks for pointing this out!

@dcmiddle dcmiddle mentioned this issue Dec 14, 2021
Closed
@dcmiddle dcmiddle mentioned this issue Jan 7, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Time crate dcmiddle/ursa
2 participants
@appetrosyan @hartm