Update to nix 0.20.2 #58

bjax15 · 2021-10-18T17:23:51Z

Describe the bug
A vulnerability has been reported to RustSec for the nix 0.20.0 crate. The affected function doesn't look to be used in this crate, however, using cargo audit will trip on the 0.20.0 dependency nonetheless.

Expected behavior
Running cargo audit without error.

Additional context
RustSec entry:

Crate:         nix
Version:       0.20.0
Title:         Out-of-bounds write in nix::unistd::getgrouplist
Date:          2021-09-27
ID:            RUSTSEC-2021-0119
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0

The text was updated successfully, but these errors were encountered:

Tim-Zhang · 2021-10-22T06:06:42Z

As a library we don't have a Cargo.lock in our repo so that users can upgrade the nix version by themselves.

Enforces use of a version of nix which contains a patch for RUSTSEC-2021-0119. Fixes kata-containers#58 Signed-off-by: Jon Magnuson <jon.magnuson@gmail.com>

Tim-Zhang · 2021-11-10T03:40:35Z

ah, it makes sense if the major number is different.

bjax15 added bug Something isn't working needs-review labels Oct 18, 2021

jmagnuson added a commit to jmagnuson/cgroups-rs that referenced this issue Oct 29, 2021

deps: update nix to 0.20.2

88b7aaf

Enforces use of a version of nix which contains a patch for RUSTSEC-2021-0119. Fixes kata-containers#58 Signed-off-by: Jon Magnuson <jon.magnuson@gmail.com>

jmagnuson mentioned this issue Oct 29, 2021

deps: update nix to 0.20.2 #59

Merged

Tim-Zhang closed this as completed in #59 Nov 11, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to nix 0.20.2 #58

Update to nix 0.20.2 #58

bjax15 commented Oct 18, 2021

Tim-Zhang commented Oct 22, 2021

Tim-Zhang commented Nov 10, 2021

Update to nix 0.20.2 #58

Update to nix 0.20.2 #58

Comments

bjax15 commented Oct 18, 2021

Tim-Zhang commented Oct 22, 2021

Tim-Zhang commented Nov 10, 2021