Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue Segmentation fault in time dependency #167

Open
inf17101 opened this issue Sep 12, 2023 · 0 comments
Open

Security issue Segmentation fault in time dependency #167

inf17101 opened this issue Sep 12, 2023 · 0 comments
Labels
C-bug Category: issue or a bug

Comments

@inf17101
Copy link

inf17101 commented Sep 12, 2023
edited
Loading

The podman-api-rs uses the time dependency which has a known vulnerability for segmentation fault.

We use podman-api-rs in our project and the github security scan has shown that there is an issue with the time crate.

The time dependency is used by the sub-dependencies containers-api and the podman-api-stubs in podman-api-rs.

It is recommended to upgrade the time dependency to verion 0.2.23. Could you do this for podman-api-rs and release a new version containing the security fix?

  • Crate version: 0.10.0
  • OS: all
  • Output of running podman version on the command line:
Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.18.1
OS/Arch:      linux/amd64

Here you can find details about the security issue and recommendations:
time-rs issue
CVE ID: CVE-2020-26235
Weaknesses: WeaknessCWE-476

It would be great if you can provide a new updated version of podman-api-rs including the patch for time-rs dependency.
@inf17101 inf17101 added the C-bug Category: issue or a bug label Sep 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-bug Category: issue or a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@inf17101