Bug ID 1188023
Summary GNOME:Apps/fractal:
Classification openSUSE
Product openSUSE.org
Version unspecified
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component 3rd party software
Assignee os.gnome.maintainers@gmail.com
Reporter william.brown@suse.com
QA Contact screening-team-bugs@suse.de
Found By ---
Blocker ---

I've recently started a project to automatically scan for potential security
issues in rust packages with cargo audit. I noticed the following on fractal:

 * RUSTSEC-2021-0026 -> crate: comrak, cvss: None, class: ['format-injection']
 * RUSTSEC-2021-0063 -> crate: comrak, cvss: None, class: ['format-injection']
 * RUSTSEC-2020-0060 -> crate: futures-task, cvss: None, class: ['code-execution', 'memory-corruption']
 * RUSTSEC-2020-0059 -> crate: futures-util, cvss: None, class: ['thread-safety']
 * RUSTSEC-2020-0146 -> crate: generic-array, cvss: None, class: ['memory-corruption']
 * RUSTSEC-2021-0020 -> crate: hyper, cvss: None, class: ['format-injection']
 * RUSTSEC-2021-0020 -> crate: hyper, cvss: None, class: ['format-injection']

Most of these should be able to be resolved with cargo update and re-vendoring
the dependencies. Alternately upstream may have released a
Cargo.toml/Cargo.lock with updates for this. 

It would be great if you could look into updating and resolving these :) 

Thank you! 

-- more info

https://github.com/openSUSE/obs-service-cargo_audit/blob/main/README.md
https://en.opensuse.org/Packaging_Rust_Software
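The bullet list in this report is the kind of summary a packager gets by flattening `cargo audit --json` output, and the remediation advice ("cargo update and re-vendor") only works for advisories that actually have a patched release. The following is an added example, not code from the report or from the obs-service-cargo_audit project: it parses a constructed report in the shape of cargo-audit's JSON output (the `vulnerabilities.list[].advisory` / `versions` / `package` layout is assumed from that tool's report format), prints one bullet per advisory in the style above, and groups the findings into crates that a `cargo update -p` can fix versus crates that still need an upstream fix. The advisory IDs are the ones listed above; the versions and the `example-crate` / `RUSTSEC-XXXX-XXXX` entry are constructed placeholders.

```python
import json
from collections import defaultdict
from typing import Dict, List

# Constructed sample modelled on `cargo audit --json` output. Field layout is
# assumed from cargo-audit's JSON report; the version strings are made up, and
# the last entry is a placeholder advisory with no patched release so the
# "cannot be fixed by updating" path is exercised.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {
        "found": True,
        "count": 4,
        "list": [
            {"advisory": {"id": "RUSTSEC-2021-0026", "package": "comrak",
                          "cvss": None, "categories": ["format-injection"]},
             "versions": {"patched": [">=0.2.0"], "unaffected": []},
             "package": {"name": "comrak", "version": "0.1.0"}},
            {"advisory": {"id": "RUSTSEC-2021-0063", "package": "comrak",
                          "cvss": None, "categories": ["format-injection"]},
             "versions": {"patched": [">=0.3.0"], "unaffected": []},
             "package": {"name": "comrak", "version": "0.1.0"}},
            {"advisory": {"id": "RUSTSEC-2020-0060", "package": "futures-task",
                          "cvss": None,
                          "categories": ["code-execution", "memory-corruption"]},
             "versions": {"patched": [">=0.2.0"], "unaffected": []},
             "package": {"name": "futures-task", "version": "0.1.0"}},
            # Placeholder: an advisory with no patched release (constructed).
            {"advisory": {"id": "RUSTSEC-XXXX-XXXX", "package": "example-crate",
                          "cvss": None, "categories": ["denial-of-service"]},
             "versions": {"patched": [], "unaffected": []},
             "package": {"name": "example-crate", "version": "0.1.0"}},
        ],
    },
    "warnings": {},
})


def parse_report(report_json: str) -> List[Dict]:
    """Flatten a cargo-audit JSON report into one record per advisory."""
    report = json.loads(report_json)
    findings = []
    for vuln in report.get("vulnerabilities", {}).get("list", []):
        adv = vuln["advisory"]
        findings.append({
            "id": adv["id"],
            "crate": vuln["package"]["name"],
            "installed": vuln["package"]["version"],
            "cvss": adv.get("cvss"),            # None when the advisory has no score
            "classes": list(adv.get("categories", [])),
            "patched": list(vuln.get("versions", {}).get("patched", [])),
        })
    return findings


def format_findings(findings: List[Dict]) -> List[str]:
    """Render one bullet per advisory in the style used in the report above."""
    return [
        f" * {f['id']} -> crate: {f['crate']}, cvss: {f['cvss']}, class: {f['classes']}"
        for f in findings
    ]


def remediation_plan(findings: List[Dict]) -> Dict:
    """Group advisories by crate and propose `cargo update -p <crate>` only where
    a patched release exists. Crates without one are listed under needs_upstream:
    re-vendoring cannot fix them, so the packager has to wait for or carry a fix."""
    fixable = defaultdict(list)
    unfixable = defaultdict(list)
    for f in findings:
        (fixable if f["patched"] else unfixable)[f["crate"]].append(f["id"])
    commands = [f"cargo update -p {crate}" for crate in sorted(fixable)]
    return {"commands": commands, "needs_upstream": dict(unfixable)}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("\n".join(format_findings(found)))
    plan = remediation_plan(found)
    print("\nSuggested updates:", *plan["commands"], sep="\n  ")
    print("\nNo patched release yet:", plan["needs_upstream"])
```

Running it against real output is a matter of replacing `SAMPLE_REPORT` with the contents of `cargo audit --json`; after `cargo update -p` for the fixable crates, re-running the audit confirms which advisories remain before the vendor tarball is regenerated.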
