Quininer

#42714 of 53,633
6.2 Total CVSS
Vulnerabilities · 1
PT-2020-16364
6.2
2020-11-10
Rust · Time · CVE-2020-26235
**Name of the Vulnerable Software and Affected Versions**

time versions 0.2.7 through 0.2.22; time version 0.1

**Description**

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. The affected functions are `time::UtcOffset::local_offset_at`, `time::UtcOffset::try_local_offset_at`, `time::UtcOffset::current_local_offset`, `time::UtcOffset::try_current_local_offset`, `time::OffsetDateTime::now_local`, and `time::OffsetDateTime::try_now_local`. Non-Unix targets, including Windows and wasm, are unaffected.

**Recommendations**

For time versions 0.2.7 through 0.2.22, perform `cargo update` to pull in the updated, unaffected code. For time version 0.1, upgrade to an unaffected version: time 0.2.23 or greater, or the 0.3 series.

As a temporary workaround, ensure that the program only has one running thread at the time of calling any affected method. Binary authors may also ensure that no other thread is actively mutating the environment.

A possible workaround for crates affected through the transitive dependency in `chrono` is to avoid using the default `oldtime` feature dependency of the `chrono` crate by disabling its `default-features` and manually specifying the required features instead.
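The `chrono` workaround above, written out as a `Cargo.toml` dependency declaration. This is an added example, not part of the advisory; the feature list `["clock", "std"]` is an assumption about what the consuming crate actually needs and should be adjusted to match its own usage.

```toml
# Weak setting: chrono's default feature set enables `oldtime`,
# which pulls the affected time 0.1 crate into the build.
#
# [dependencies]
# chrono = "0.4"

# Corrected setting: opt out of the defaults and list only the
# features the crate really uses, leaving `oldtime` (time 0.1) out.
# The feature names below are an assumed selection; adjust as needed.
[dependencies]
chrono = { version = "0.4", default-features = false, features = ["clock", "std"] }
```

After changing the declaration, `cargo tree -i time` shows whether any 0.1 version of `time` is still reachable through another dependency.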