Deps.rs

rcore-os / zcore

[![dependency status](https://deps.rs/repo/github/rcore-os/zcore/status.svg)](https://deps.rs/repo/github/rcore-os/zcore)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate zcore-drivers

Dependencies

(13 total, 8 outdated)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 cfg-if^1.01.0.0up to date
 bitflags^1.32.9.0out of date
 lazy_static^1.41.5.0up to date
 numeric-enum-macro^0.20.2.0up to date
 d1-pac^0.0.270.0.32out of date
 volatile^0.30.6.1out of date
 async-std^1.101.13.1up to date
 sdl2^0.340.37.0out of date
 acpi^4.15.2.0out of date
 x2apic^0.40.5.0out of date
 x86_64^0.140.15.2out of date
 riscv^0.90.13.0out of date

Crate kernel-hal

Dependencies

(21 total, 13 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 spin^0.90.10.0out of date
 cfg-if^1.01.0.0up to date
 bitflags^1.32.9.0out of date
 trapframe^0.9.00.10.0out of date
 git-version^0.30.3.9up to date
 numeric-enum-macro^0.20.2.0up to date
 lazy_static^1.41.5.0up to date
 nix^0.230.30.1out of date
 tempfile^33.19.1up to date
 async-std^1.101.13.1up to date
 naive-timer^0.2.00.2.0up to date
 riscv^0.90.13.0out of date
 sbi-rt^0.0.20.0.3out of date
 x86^0.460.52.0out of date
 x86_64^0.140.15.2out of date
 tock-registers^0.70.9.0out of date
 cortex-a^7.2.08.1.1out of date
 uefi^0.160.35.0out of date
 raw-cpuid ⚠️^9.011.5.0out of date
 x2apic^0.40.5.0out of date

Crate zircon-object

Dependencies

(9 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bitflags^1.32.9.0out of date
 log^0.40.4.27up to date
 hashbrown^0.90.15.3out of date
 downcast-rs^1.22.0.1out of date
 numeric-enum-macro^0.20.2.0up to date
 futures^0.30.3.31up to date
 xmas-elf ⚠️^0.70.10.0out of date
 lazy_static^1.41.5.0up to date
 cfg-if^1.01.0.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.101.13.1up to date

Crate zircon-syscall

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 bitflags^1.32.9.0out of date
 numeric-enum-macro^0.20.2.0up to date
 futures^0.30.3.31up to date
 cfg-if^1.01.0.0up to date

Crate linux-object

Dependencies

(9 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.88up to date
 log^0.40.4.27up to date
 xmas-elf ⚠️^0.70.10.0out of date
 bitflags^1.32.9.0out of date
 hashbrown^0.90.15.3out of date
 numeric-enum-macro^0.20.2.0up to date
 downcast-rs^1.22.0.1out of date
 lazy_static^1.41.5.0up to date
 cfg-if^1.01.0.0up to date

Crate linux-syscall

Dependencies

(7 total, 2 outdated)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 bitflags^1.32.9.0out of date
 numeric-enum-macro^0.20.2.0up to date
 static_assertions^1.1.01.1.0up to date
 lazy_static^1.41.5.0up to date
 bitvec^0.221.0.1out of date
 futures^0.30.3.31up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.101.13.1up to date

Crate zcore-loader

Dependencies

(3 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 cfg-if^1.01.0.0up to date
 xmas-elf ⚠️^0.70.10.0out of date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.90.11.8out of date
 async-std^1.101.13.1up to date

Crate zcore

Dependencies

(12 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 log^0.40.4.27up to date
 cfg-if^1.01.0.0up to date
 spin^0.9.40.10.0out of date
 customizable-buddy^0.0.30.0.3up to date
 async-std^1.101.13.1up to date
 chrono ⚠️^0.40.4.41maybe insecure
 r0^11.0.0up to date
 riscv^0.90.13.0out of date
 dtb-walker=0.2.0-alpha.30.1.3up to date
 page-table^0.0.60.0.6up to date
 sbi-rt^0.0.20.0.3out of date
 buddy_system_allocator^0.80.11.0out of date

Crate z-config

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 serde^1.01.0.219up to date
 serde_derive^1.01.0.219up to date
 toml^0.5.90.8.22out of date

Crate xtask

Dependencies

(7 total, 2 outdated)

CrateRequiredLatestStatus
 clap^4.04.5.38up to date
 dircpy^0.30.3.19up to date
 rand^0.80.9.1out of date
 once_cell^1.15.01.21.3up to date
 num_cpus^11.16.0up to date
 os-xtask-utils^0.0.00.0.0up to date
 shadow-rs^0.111.1.1out of date

Build dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 shadow-rs^0.111.1.1out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

raw-cpuid: Optional `Deserialize` implementations lacking validation

RUSTSEC-2021-0089

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to:

  • Undefined behavior in as_string() methods (which use std::str::from_utf8_unchecked() internally).
  • Panics due to failed assertions.

See https://github.com/gz/rust-cpuid/issues/43.

xmas-elf: Potential out-of-bounds read with a malformed ELF file and the HashTable API.

RUSTSEC-2025-0018

Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API by setting these fields to inappropriately large values that would fall outside the relevant hash table section, and by introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF file.