Parity-ethereum: error: Vulnerable crates found!

Created on 9 Oct 2018  路  5Comments  路  Source: openethereum/parity-ethereum
  • Parity Ethereum version: 2.1.2
  • Operating system: Linux
  • Installation: built from source
  • Fully synchronized: no
  • Network: ethereum
  • Restarted: yes
    Scanning Cargo.lock for vulnerabilities (385 crate dependencies)
error: Vulnerable crates found!

ID:  RUSTSEC-2018-0003
Crate:   smallvec
Version: 0.2.1
Date:    2018-07-19
URL:     https://github.com/servo/rust-smallvec/issues/96
Title:   Possible double free during unwinding in SmallVec::insert_many
Solution: upgrade to: >= 0.6.3 OR ^0.3.4 OR ^0.4.5 OR ^0.5.1

ID:  RUSTSEC-2018-0001
Crate:   untrusted
Version: 0.5.1
Date:    2018-06-21
URL:     https://github.com/briansmith/untrusted/pull/20
Title:   An integer underflow could lead to panic
Solution: upgrade to: >= 0.6.2

error: 2 vulnerabilities found!
ERROR: Job failed: exit code 1
F1-security 馃洝 M5-dependencies 馃枃 P2-asap 馃寠
Source
picture 5chdn

Most helpful comment

I can get #9657 mergable today... Maybe...

picture c0gent on 9 Oct 2018
🎉2 👍1

All 5 comments

https://gitlab.parity.io/parity/parity-ethereum/-/jobs/103461

5chdn picture 5chdn on 9 Oct 2018

@5chdn this should be fixed in #9657 (see paritytech/devops/issues/216)

ordian picture ordian on 9 Oct 2018

This PR is pretty much in limbo. Is it that involved to fix?

5chdn picture 5chdn on 9 Oct 2018

@5chdn Yes, it involves re-writing the util/fetch with a new Hyper. I will try to make #9657 happen, that's our safest bet.

kirushik picture kirushik on 9 Oct 2018
🎉1

I can get #9657 mergable today... Maybe...

c0gent picture c0gent on 9 Oct 2018
🎉2 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

danfinlay picture danfinlay  路  3Comments
stone212 picture stone212  路  3Comments
mr-older picture mr-older  路  3Comments
BillSantos picture BillSantos  路  3Comments
Michael2008S picture Michael2008S  路  3Comments