Bug #5266
closed
rust: update time dependency
Added by Jeff Lucovsky over 2 years ago.
Updated 9 months ago.
Description
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── x509-parser 0.6.5
└── suricata 7.0.0-dev
- Copied from Bug #5259: rust: update time dependency added
- Target version changed from 6.0.5 to 6.0.6
- Target version changed from 6.0.6 to 6.0.7
- Target version changed from 6.0.7 to 6.0.8
- Target version changed from 6.0.8 to 6.0.9
- Target version changed from 6.0.9 to 6.0.10
- Target version changed from 6.0.10 to 6.0.11
Pushing forward 6.0.11.
This might be out of scope for 6.0 in general. Updating x509-parser to remove this time dependency requires us to move to x509-parser version 0.13.0 which requires Rust 1.53+.
Currently, Suricata 6.0.0 is still trying to support Rust 1.41.1.
- Target version changed from 6.0.11 to 6.0.12
Pushing forward again for the same reasons as before. Fixing this audit warning requires updating x509-parser and this ripples into updating the MSRV, etc.
- Target version changed from 6.0.12 to 6.0.13
Do we want to keep carrying this forward? It does require non-trivial changes I believe, and a new MSRV.
- Target version changed from 6.0.13 to 6.0.14
- Related to Bug #5439: Invalid certificate when Issuer is not present. added
- Target version changed from 6.0.14 to 6.0.15
- Target version changed from 6.0.15 to 6.0.16
- Target version changed from 6.0.16 to 6.0.17
- Status changed from Assigned to Rejected
- Assignee deleted (
Jason Ish)
- Target version deleted (
6.0.17)
Rejecting as 6.0.x is now in extended support and EOL in 6 months.
Also available in: Atom
PDF