Closed Bug 1509971 Opened 6 years ago Closed 3 years ago

Run cargo audit against Firefox regularly

Categories

(Core :: Security, enhancement)

enhancement
Not set
normal

Tracking


RESOLVED DUPLICATE of bug 1451332
Tracking Status
firefox65 --- affected

People

(Reporter: Alex_Gaynor, Assigned: cr)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want)

https://rustsec.org/advisories/ provides a list of known vulnerabilities in Rust projects, as well as tooling to check Cargo.lock files for issues.

We should run |cargo audit| regularly so that we are aware of issues and can resolve them quickly.

There's currently one finding, which isn't a significant issue, but which we ought to resolve anyways:

~/p/mozilla-central ❯❯❯ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 14 security advisories (from /Users/agaynor/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (346 crate dependencies)
error: Vulnerable crates found!

ID:	 RUSTSEC-2018-0006
Crate:	 yaml-rust
Version: 0.4.0
Date:	 2018-09-17
URL:	 https://github.com/chyh1990/yaml-rust/pull/109
Title:	 Uncontrolled recursion leads to abort in deserialization
Solution: upgrade to: >= 0.4.1

error: 1 vulnerability found!
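The check the report asks to run regularly boils down to: read every `[[package]]` entry in Cargo.lock and compare its pinned version against the patched-version range of each advisory for that crate. The following is an added, simplified reimplementation of that matching step written for this page; it is not cargo-audit's own code and fetches nothing from RustSec. The Cargo.lock fragment is constructed, and the single advisory is filled in from the `cargo audit` output quoted above (RUSTSEC-2018-0006, yaml-rust, fixed in `>= 0.4.1`).

```python
"""Simplified model of the lockfile-vs-advisory matching that `cargo audit`
performs: parse Cargo.lock, compare each locked version with the advisory's
patched range, and report packages that are still on a vulnerable version.
Added example: advisory data and the Cargo.lock text are constructed here,
nothing is fetched from the RustSec database."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed Cargo.lock fragment: yaml-rust pinned to the version flagged
# in the bug report, plus one crate that matches no advisory.
SAMPLE_LOCK = """\
[[package]]
name = "serde"
version = "1.0.80"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "yaml-rust"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "linked-hash-map 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
]
"""

@dataclass
class Advisory:
    id: str
    crate: str
    title: str
    patched: List[str]  # version requirements, e.g. [">= 0.4.1"]

# The one advisory quoted in the report.
ADVISORIES = [
    Advisory("RUSTSEC-2018-0006", "yaml-rust",
             "Uncontrolled recursion leads to abort in deserialization",
             [">= 0.4.1"]),
]

Version = Tuple[int, ...]

def parse_version(text: str) -> Version:
    """'0.4.0' -> (0, 4, 0); pre-release/build suffixes are dropped here."""
    core = re.split(r"[-+]", text.strip(), maxsplit=1)[0]
    return tuple(int(p) for p in core.split("."))

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}

def matches_req(version: Version, req: str) -> bool:
    """Check a requirement such as '>= 0.4.1' or '>= 0.3.2, < 0.4.0';
    a comma joins predicates that must all hold."""
    for pred in req.split(","):
        m = re.match(r"\s*(>=|<=|>|<|=)?\s*([\d.]+)\s*$", pred)
        if not m:
            raise ValueError(f"unsupported requirement: {pred!r}")
        op = m.group(1) or "="
        if not _OPS[op](version, parse_version(m.group(2))):
            return False
    return True

def parse_lock(lock_text: str) -> List[Tuple[str, str]]:
    """Return (name, version) pairs from the [[package]] tables of a Cargo.lock."""
    packages = []
    for block in re.split(r"^\[\[package\]\]\s*$", lock_text, flags=re.M)[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version:
            packages.append((name.group(1), version.group(1)))
    return packages

def audit(lock_text: str, advisories: List[Advisory]) -> List[dict]:
    """A locked package is vulnerable when an advisory names its crate and the
    locked version satisfies none of the advisory's patched ranges."""
    findings = []
    for name, ver in parse_lock(lock_text):
        v = parse_version(ver)
        for adv in advisories:
            if adv.crate != name:
                continue
            if not any(matches_req(v, r) for r in adv.patched):
                findings.append({"id": adv.id, "crate": name, "version": ver,
                                 "solution": "upgrade to: " + " or ".join(adv.patched)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOCK, ADVISORIES):
        print(f"{f['id']}: {f['crate']} {f['version']} -> {f['solution']}")
```

Running it against the constructed lockfile reports exactly the yaml-rust finding shown above; bumping the pinned version to 0.4.1 clears it, which is the same signal a scheduled `cargo audit` job gives when a dependency bump lands.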
Assignee: nobody → ptheriault
I've sent a PR to upstream webrender to resolve the issue with the old yaml-rust: https://github.com/servo/webrender/pull/3356
Assignee: ptheriault → cr
Depends on: 1510272
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE