RUSTSEC-2020-0146: arr! macro erases lifetimes
github-actions opened this issue · comments
arr! macro erases lifetimes
Details | |
---|---|
Package | generic-array |
Version | 0.12.3 |
URL | fizyk20/generic-array#98 |
Date | 2020-04-09 |
Patched versions | >=0.14.0 |
Unaffected versions | <0.8.0 |
Affected versions of this crate allowed unsoundly extending
lifetimes using arr!
macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.
See advisory page for additional details.
tera
depends on pest_meta
which depends on sha-1:0.8
which depends on block-buffer:0.7.3
and digest:0.8.1
which depends on the old version of generic-array
.
pest
team fixed it, but doesn't release yet:
pest-parser/pest@4fcdcfb