OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242)" (#1258)

Browse Source 
This reverts commit a47cd63007.

The advisory was withdrawn based on discussions around whether read-only
environment variable access constitutes a vulnerability.

However, per the `time` crate's author @jhpratt, the crate also modifies
the environment and therefore the advisory should *not* be withdrawn:

https://github.com/rustsec/advisory-db/pull/1242#issuecomment-1144903688
This commit is contained in:
Tony Arcieri
2022-06-02 08:37:44 -06:00
committed by GitHub
parent 29281434b7
commit f79eb4bad9
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/time/RUSTSEC-2020-0071.md
View File

@@ -8,8 +8,6 @@ categories = ["code-execution", "memory-corruption"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
keywords = ["segfault"] keywords = ["segfault"]
aliases = ["CVE-2020-26235"] aliases = ["CVE-2020-26235"]
withdrawn = "2022-05-13" # see rustsec/advisory-db#1190
yanked = true
[affected] [affected]
# any Unix-like OS # any Unix-like OS