[RUSTSEC-2020-0041]: upgrade sized-chunks #3764

Closed
fanatid opened this issue Sep 8, 2020 · 1 comment
Labels
domain: security Anything related to security have: must We must have this feature, it is critical to the project's success. It is high priority. meta: blocked Anything that is blocked to the point where it cannot be worked on.


fanatid commented Sep 8, 2020

This is a tracking issue for bodil/sized-chunks#11 (CI fix with deny.toml submitted in #3765).

cargo-deny output:

error[RUSTSEC-2020-0041]: Multiple soundness issues in Chunk and InlineArray
    ┌─ /home/kirill/projects/vector/Cargo.lock:368:1
    │
368 │ sized-chunks 0.6.2 registry+https://github.com/rust-lang/crates.io-index
    │ ------------------------------------------------------------------------ security vulnerability detected
    │
    = Chunk:
      
      * Array size is not checked when constructed with `unit()` and `pair()`.
      * Array size is not checked when constructed with `From<InlineArray<A, T>>`.
      * `Clone` and `insert_from` are not panic-safe; A panicking iterator causes memory safety issues with them.
      
      InlineArray:
      
      * Generates unaligned references for types with a large alignment requirement.
    = URL: https://github.com/bodil/sized-chunks/issues/11
    = sized-chunks v0.6.2
      └── im v15.0.0
          └── metrics-runtime v0.13.1
              └── vector v0.11.0
@fanatid fanatid added the domain: security Anything related to security label Sep 8, 2020
@binarylogic binarylogic added the have: must We must have this feature, it is critical to the project's success. It is high priority. label Sep 8, 2020
@fanatid fanatid added the meta: blocked Anything that is blocked to the point where it cannot be worked on. label Sep 8, 2020
@fanatid fanatid removed this from the 2020-08-31 - Digitization Laser milestone Sep 8, 2020
@fanatid fanatid removed this from the 2020-08-31 - Digitization Laser milestone Sep 11, 2020
@jamtur01 jamtur01 added this to the 2020-09-28 - Derezzed milestone Sep 25, 2020
@binarylogic binarylogic removed this from the 2020-09-28 - Derezzed milestone Oct 9, 2020

fanatid commented Nov 19, 2020

Ignore rule removed in #4561

@fanatid fanatid closed this as completed Nov 19, 2020
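
The advisory text quoted in the issue names two classes of bug in a fixed-capacity container: construction paths that skip the size check, and a `Clone` that is not panic-safe. The Rust code below is an added example, not code from sized-chunks or Vector; `Fixed`, `Noisy` and `clone_with_panic` are hypothetical names. It shows the invariant (slots `[0, len)` are initialised at every point) that keeps both cases sound.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};

/// Hypothetical fixed-capacity buffer (not sized-chunks' code): slots [0, len) are initialised.
pub struct Fixed<T, const N: usize> { len: usize, data: [MaybeUninit<T>; N] }

impl<T, const N: usize> Fixed<T, N> {
    pub fn new() -> Self { Fixed { len: 0, data: std::array::from_fn(|_| MaybeUninit::uninit()) } }
    /// Every construction path goes through this capacity check, including N == 0.
    pub fn push(&mut self, v: T) {
        assert!(self.len < N, "capacity exceeded");
        self.data[self.len].write(v);
        self.len += 1; // bumped only after the slot is written
    }
    pub fn unit(v: T) -> Self { let mut c = Self::new(); c.push(v); c }
}

impl<T, const N: usize> Drop for Fixed<T, N> {
    fn drop(&mut self) {
        // Only the initialised prefix is dropped; the rest was never written.
        for slot in &mut self.data[..self.len] { unsafe { slot.assume_init_drop() } }
    }
}

impl<T: Clone, const N: usize> Clone for Fixed<T, N> {
    fn clone(&self) -> Self {
        let mut out = Self::new();
        for slot in &self.data[..self.len] {
            // T::clone may panic; `out` then unwinds holding only the elements already pushed.
            out.push(unsafe { slot.assume_init_ref() }.clone());
        }
        out
    }
}

static DROPS: AtomicUsize = AtomicUsize::new(0); // drop counter for the constructed element
/// Constructed test element: counts drops, panics in clone when the flag is set.
pub struct Noisy(pub bool);
impl Clone for Noisy { fn clone(&self) -> Self { if self.0 { panic!("clone failed") } Noisy(false) } }
impl Drop for Noisy { fn drop(&mut self) { DROPS.fetch_add(1, Ordering::SeqCst); } }

/// Clones [ok, ok, panics]; returns (clone panicked?, drops run during unwinding).
pub fn clone_with_panic() -> (bool, usize) {
    let mut src: Fixed<Noisy, 4> = Fixed::new();
    for flag in [false, false, true] { src.push(Noisy(flag)); }
    let before = DROPS.load(Ordering::SeqCst);
    let panicked = catch_unwind(AssertUnwindSafe(|| src.clone())).is_err();
    (panicked, DROPS.load(Ordering::SeqCst) - before)
}
fn main() { println!("{:?}", (Fixed::<u8, 1>::unit(7).len, clone_with_panic())); }
```

Exactly two drops run during unwinding, one per element already cloned; a clone that published the final length before writing every slot would instead drop uninitialised memory on the same panic.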