This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate keepass-ng

Dependencies

(33 total, 1 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| aes | ^0.8 | 0.8.4 | up to date |
| as-any | ^0.3 | 0.3.1 | up to date |
| base32 | ^0.5 | 0.5.1 | up to date |
| base64 | ^0.22 | 0.22.1 | up to date |
| block-modes | ^0.9 | 0.9.1 | up to date |
| byteorder | ^1 | 1.5.0 | up to date |
| cbc | ^0.1 | 0.1.2 | up to date |
| chacha20 | ^0.9 | 0.9.1 | up to date |
| challenge_response | ^0.5 | 0.5.28 | up to date |
| chrono ⚠️ | ^0.4 | 0.4.39 | maybe insecure |
| cipher | ^0.4 | 0.4.4 | up to date |
| clap | ^4 | 4.5.23 | up to date |
| erased-serde | ^0.4 | 0.4.5 | up to date |
| flate2 | ^1 | 1.0.35 | up to date |
| getrandom | ^0.2 | 0.2.15 | up to date |
| hex | ^0.4 | 0.4.3 | up to date |
| hex-literal | ^0.4 | 0.4.1 | up to date |
| hmac | ^0.12 | 0.12.1 | up to date |
| rpassword | ^7 | 7.3.1 | up to date |
| rust-argon2 | ^2 | 2.1.0 | up to date |
| salsa20 | ^0.10 | 0.10.2 | up to date |
| secstr | ^0.5 | 0.5.1 | up to date |
| serde | ^1 | 1.0.216 | up to date |
| serde_json | ^1 | 1.0.133 | up to date |
| sha1 | ^0.10 | 0.10.6 | up to date |
| sha2 | ^0.10 | 0.10.8 | up to date |
| thiserror | ^1 | 2.0.7 | out of date |
| totp-lite | ^2 | 2.0.1 | up to date |
| twofish | ^0.7 | 0.7.1 | up to date |
| url | ^2 | 2.5.4 | up to date |
| uuid | ^1 | 1.11.0 | up to date |
| xml-rs | ^0.8 | 0.8.24 | up to date |
| zeroize | ^1 | 1.8.1 | up to date |

Dev dependencies

(1 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| rustfmt | ^0.10.0 | 0.10.0 | up to date |

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References