RUSTSEC-2020-0159: Potential segfault in `localtime_r` invocations

[github-actions]

Potential segfault in localtime_r invocations

Details
Package	chrono
Version	0.4.19
URL	chronotope/chrono#499
Date	2020-11-10

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

• time-rs/time#293

See advisory page for additional details.

[mellowagain]

May be a duplicate of #40 - keeping it open as this one is for the chrono crate while #40 is for the time crate

[mellowagain]

The time crate has fixed this issue (I think, but judging from the discussion on the linked issue it seems somewhat still occuring?). Keeping this on hold because as of now there are no known fixes to chrono or work arounds for this issue.