Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2021-0073: Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic #925

Closed
github-actions bot opened this issue Jul 9, 2021 · 1 comment · Fixed by #926 or #1011
Closed

RUSTSEC-2021-0073: Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic #925

github-actions bot opened this issue Jul 9, 2021 · 1 comment · Fixed by #926 or #1011
Assignees
@thanethomson
Labels
dependencies Pull requests that update a dependency file serialization
Milestone
Q3 2021

Comments

@github-actions
Copy link

github-actions bot commented Jul 9, 2021

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

Details
Package prost-types
Version 0.7.0
URL tokio-rs/prost#438
Date 2021-07-08
Patched versions >=0.8.0

Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.

It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.

See #438 for more information.

See advisory page for additional details.
@romac romac mentioned this issue Jul 9, 2021
Merged
5 tasks
@romac romac closed this as completed in #926 Jul 9, 2021
@thanethomson thanethomson mentioned this issue Jul 13, 2021
Closed
5 tasks
@thanethomson
Copy link
Contributor

Reopening this until tokio-rs/prost#502 is resolved. Will open a PR with a temporary revert for #926 shortly.

@thanethomson thanethomson reopened this Jul 13, 2021
@thanethomson thanethomson mentioned this issue Jul 13, 2021
Merged
5 tasks
@thanethomson thanethomson added this to the Q3 2021 milestone Jul 13, 2021
@thanethomson thanethomson added dependencies Pull requests that update a dependency file serialization labels Jul 13, 2021
@thanethomson thanethomson mentioned this issue Jul 20, 2021
Merged
5 tasks
@jnicholls jnicholls mentioned this issue Jul 27, 2021
Closed
This was referenced Sep 15, 2021
Closed
Closed
@thanethomson thanethomson self-assigned this Sep 17, 2021
@thanethomson thanethomson mentioned this issue Oct 25, 2021
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thanethomson thanethomson

Labels
dependencies Pull requests that update a dependency file serialization
Projects
None yet
Milestone
Q3 2021
1 participant
@thanethomson