Bug ID | 1188023 |
---|---|
Summary | GNOME:Apps/fractal: |
Classification | openSUSE |
Product | openSUSE.org |
Version | unspecified |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | 3rd party software |
Assignee | os.gnome.maintainers@gmail.com |
Reporter | william.brown@suse.com |
QA Contact | screening-team-bugs@suse.de |
Found By | --- |
Blocker | --- |
I've recently started a project to automatically scan for potential security issues in Rust packages with cargo audit. I noticed the following on fractal:

* RUSTSEC-2021-0026 -> crate: comrak, cvss: None, class: ['format-injection']
* RUSTSEC-2021-0063 -> crate: comrak, cvss: None, class: ['format-injection']
* RUSTSEC-2020-0060 -> crate: futures-task, cvss: None, class: ['code-execution', 'memory-corruption']
* RUSTSEC-2020-0059 -> crate: futures-util, cvss: None, class: ['thread-safety']
* RUSTSEC-2020-0146 -> crate: generic-array, cvss: None, class: ['memory-corruption']
* RUSTSEC-2021-0020 -> crate: hyper, cvss: None, class: ['format-injection']

Most of these should be able to be resolved with cargo update and re-vendoring the dependencies. Alternatively, upstream may have released a Cargo.toml/Cargo.lock with updates for this.

It would be great if you could look into updating and resolving these :) Thank you!

-- more info
https://github.com/openSUSE/obs-service-cargo_audit/blob/main/README.md
https://en.opensuse.org/Packaging_Rust_Software
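As an added example (not the reporter's code nor the obs-service-cargo_audit service itself), this script turns `cargo audit --json` output into the per-advisory summary lines shown in the report and groups them by crate for the `cargo update -p <crate>` / re-vendor step. The JSON shape (`vulnerabilities.list[].advisory.{id,package,cvss,categories}`) is assumed from cargo-audit's JSON output; the sample document and crate versions are constructed, reusing three advisories from this report.

```python
import json
from typing import Dict, List

# Constructed sample in the assumed shape of `cargo audit --json` output.
# Advisory ids, cvss and categories match three entries from the report;
# the package versions are placeholders, not fractal's real lockfile.
SAMPLE_AUDIT_JSON = json.dumps({
    "vulnerabilities": {
        "found": True,
        "count": 3,
        "list": [
            {"advisory": {"id": "RUSTSEC-2021-0026", "package": "comrak",
                          "cvss": None, "categories": ["format-injection"]},
             "package": {"name": "comrak", "version": "0.0.0-constructed"}},
            {"advisory": {"id": "RUSTSEC-2020-0060", "package": "futures-task",
                          "cvss": None,
                          "categories": ["code-execution", "memory-corruption"]},
             "package": {"name": "futures-task", "version": "0.0.0-constructed"}},
            {"advisory": {"id": "RUSTSEC-2020-0059", "package": "futures-util",
                          "cvss": None, "categories": ["thread-safety"]},
             "package": {"name": "futures-util", "version": "0.0.0-constructed"}},
        ],
    }
})

# Advisory categories a packager would fix first when triaging a scan.
HIGH_IMPACT = {"code-execution", "memory-corruption"}


def _advisories(audit_json: str) -> List[dict]:
    data = json.loads(audit_json)
    return [e["advisory"] for e in data.get("vulnerabilities", {}).get("list", [])]


def summarize(audit_json: str) -> List[str]:
    """One line per advisory, in the same format as the bug report."""
    return [f"* {a['id']} -> crate: {a['package']}, cvss: {a['cvss']}, "
            f"class: {a.get('categories', [])}" for a in _advisories(audit_json)]


def crates_to_update(audit_json: str) -> Dict[str, List[str]]:
    """Map each affected crate to its advisories: one `cargo update -p` target each."""
    by_crate: Dict[str, List[str]] = {}
    for a in _advisories(audit_json):
        by_crate.setdefault(a["package"], []).append(a["id"])
    return by_crate


def high_impact(audit_json: str) -> List[str]:
    """Advisory ids whose categories include code execution or memory corruption."""
    return [a["id"] for a in _advisories(audit_json)
            if HIGH_IMPACT & set(a.get("categories", []))]
```

Run it against the real output with `cargo audit --json > audit.json` inside the vendored source tree and feed the file contents to these functions; an advisory with no categories still gets a summary line.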