hexilee / async-postgres Goto Github PK
View Code? Open in Web Editor NEWA runtime-independent asynchronus PostgreSQL client
License: MIT License
async-postgres's Introduction
async-postgres's People
Contributors
Stargazers
Watchers
async-postgres's Issues
RUSTSEC-2020-0159: Potential segfault in `localtime_r` invocations
Potential segfault in
localtime_rinvocations
| Details | |
|---|---|
| Package | chrono |
| Version | 0.4.19 |
| URL | chronotope/chrono#499 |
| Date | 2020-11-10 |
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
Workarounds
No workarounds are known.
References
See advisory page for additional details.
RUSTSEC-2022-0004: Stack overflow in rustc_serialize when parsing deeply nested JSON
Stack overflow in rustc_serialize when parsing deeply nested JSON
| Details | |
|---|---|
| Package | rustc-serialize |
| Version | 0.3.24 |
| Date | 2022-01-01 |
When parsing JSON using json::Json::from_str, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process.
Example code that triggers the vulnerability is
fn main() {
let _ = rustc_serialize::json::Json::from_str(&"[0,[".repeat(10000));
}serde is recommended as a replacement to rustc_serialize.
See advisory page for additional details.
RUSTSEC-2019-0031: spin is no longer actively maintained
spin is no longer actively maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | spin |
| Version | 0.5.2 |
| URL | mvdnes/spin-rs@7516c80 |
| Date | 2019-11-21 |
The author of the spin crate does not have time or interest to maintain it.
Consider the following alternatives (both of which support no_std):
conquer-oncelock_api(a subproject ofparking_lot)spinning_topspinlock crate built onlock_api
See advisory page for additional details.
RUSTSEC-2020-0056: stdweb is unmaintained
stdweb is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | stdweb |
| Version | 0.4.20 |
| URL | koute/stdweb#403 |
| Date | 2020-05-04 |
The author of the stdweb crate is unresponsive.
Maintained alternatives:
See advisory page for additional details.
RUSTSEC-2021-0124: Data race when sending and receiving after closing a `oneshot` channel
Data race when sending and receiving after closing a
oneshotchannel
| Details | |
|---|---|
| Package | tokio |
| Version | 0.2.25 |
| URL | tokio-rs/tokio#4225 |
| Date | 2021-11-16 |
| Patched versions | >=1.8.4, <1.9.0,>=1.13.1 |
| Unaffected versions | <0.1.14 |
If a tokio::sync::oneshot channel is closed (via the
oneshot::Receiver::close method), a data race may occur if the
oneshot::Sender::send method is called while the corresponding
oneshot::Receiver is awaited or calling try_recv.
When these methods are called concurrently on a closed channel, the two halves
of the channel can concurrently access a shared memory location, resulting in a
data race. This has been observed to cause memory corruption.
Note that the race only occurs when both halves of the channel are used
after the Receiver half has called close. Code where close is not used, or where the
Receiver is not awaited and try_recv is not called after calling close,
is not affected.
See tokio#4225 for more details.
See advisory page for additional details.
RUSTSEC-2020-0016: `net2` crate has been deprecated; use `socket2` instead
net2crate has been deprecated; usesocket2instead
| Details | |
|---|---|
| Status | unmaintained |
| Package | net2 |
| Version | 0.2.34 |
| URL | deprecrated/net2-rs@3350e38 |
| Date | 2020-05-01 |
The net2 crate has been deprecated
and users are encouraged to considered socket2 instead.
See advisory page for additional details.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.