gitarena
gitarena copied to clipboard
Published
20 hours ago •
mellowagain
mellowagain
RUSTSEC-2020-0159: Potential segfault in `localtime_r` invocations
Potential segfault in
localtime_rinvocations
| Details | |
|---|---|
| Package | chrono |
| Version | 0.4.19 |
| URL | https://github.com/chronotope/chrono/issues/499 |
| Date | 2020-11-10 |
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
Workarounds
No workarounds are known.
References
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
May be a duplicate of #40 - keeping it open as this one is for the chrono crate while #40 is for the time crate
The time crate has fixed this issue (I think, but judging from the discussion on the linked issue it seems somewhat still occuring?). Keeping this on hold because as of now there are no known fixes to chrono or work arounds for this issue.