Deps.rs

yubihsm 0.22.0

[![dependency status](https://deps.rs/crate/yubihsm/0.22.0/status.svg)](https://deps.rs/crate/yubihsm/0.22.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate yubihsm

Dependencies

(26 total, 14 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aes^0.30.8.4out of date
 bitflags^12.5.0out of date
 block-modes^0.20.9.1out of date
 byteorder^1.21.5.0up to date
 chrono ⚠️^0.40.4.38maybe insecure
 cmac^0.20.7.2out of date
 failure^0.10.1.8up to date
 failure_derive^0.10.1.8up to date
 gaunt^0.1N/Aup to date
 hmac^0.70.12.1out of date
 lazy_static^11.4.0up to date
 libusb^0.30.3.0up to date
 log^0.40.4.21up to date
 pbkdf2^0.30.12.2out of date
 rand_os^0.10.2.2out of date
 ring^0.140.17.8out of date
 secp256k1^0.120.29.0out of date
 serde^11.0.198up to date
 serde_derive^11.0.198up to date
 serde_json^11.0.116up to date
 sha2^0.80.10.8out of date
 signatory^0.110.27.1out of date
 subtle^22.5.0up to date
 untrusted^0.60.9.0out of date
 uuid^0.71.8.0out of date
 zeroize^0.41.8.0out of date

Dev dependencies

(6 total, 3 outdated)

CrateRequiredLatestStatus
 criterion^0.20.5.1out of date
 lazy_static^11.4.0up to date
 ring^0.140.17.8out of date
 signatory-ring^0.11N/Aup to date
 signatory-secp256k1^0.11N/Aup to date
 untrusted^0.60.9.0out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References