RUSTSEC-2020-0071 chrono: Potential segfault in the time crate and

[darnuria]

Hello, thanks for the crate! :)

Just launched a cargo audit on this crate and it turn out it's affected by:

• Time: https://rustsec.org/advisories/RUSTSEC-2020-0071 chrono not directly affected see CVE-2020-26235 advisory for time 0.1 dependency chronotope/chrono#602
• stdweb: https://rustsec.org/advisories/RUSTSEC-2020-0056 unmaintained Maintenance status? koute/stdweb#403
  see:

I suppose the solution to these two one is to acknowledge them for now by putting them into .cargo/audit.toml
like done in trust-dns crate: trust-dns/.cargo/audit.toml and leave an issue open for now until a solution land, some work is done in chrono about theses two.

Can do a PR if you want. :)

cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 473 security advisories (from /home/axel/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (170 crate dependencies)
Crate:     time
Version:   0.1.45
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.23
    └── mysql_common 0.29.2

error: 1 vulnerability found!
warning: 1 allowed warning found

[darnuria]

Thanks! :)