[GH-ISSUE #324] Version v0.8.5 has 1 vulnerability as reported by cargo audit #143

Closed
opened 2026-06-08 11:25:52 +03:00 by zhus · 3 comments
Owner

Originally created by @VaiTon on GitHub (May 1, 2023).
Original GitHub issue: https://github.com/bootandy/dust/issues/324

```
xxx@xxx ~/dust ((v0.8.5))> cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 543 security advisories (from /home/eyad/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (94 crate dependencies)
Crate:     remove_dir_all
Version:   0.5.3
Title:     Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date:      2023-02-24
ID:        RUSTSEC-2023-0018
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution:  Upgrade to >=0.8.0
Dependency tree:
remove_dir_all 0.5.3
└── tempfile 3.3.0
    └── du-dust 0.8.5

...

error: 1 vulnerability found!
warning: 3 allowed warnings found
```

This has been fixed by https://github.com/bootandy/dust/commit/bdfd3c01a571e2afc1077af596970eb76eb6fa4c, but no new version has been tagged.

Please tag a new version to allow package maintainers of various distros to update the package.

zhus closed this issue 2026-06-08 11:25:52 +03:00

@bootandy commented on GitHub (May 5, 2023):

will do.

@bootandy commented on GitHub (May 5, 2023):

https://github.com/bootandy/dust/releases/tag/v0.8.6

@VaiTon commented on GitHub (May 6, 2023):

Thanks!


Reference: bootandy/archived-dust#143