[bug#53461] [address@hidden: Rust CVE]

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#53461] [address@hidden: Rust CVE]

From:	Maxim Cournoyer
Subject:	[bug#53461] [address@hidden: Rust CVE]
Date:	Mon, 24 Jan 2022 16:31:25 -0500
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Leo Famulari <leo@famulari.name> writes:

> On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote:
>> The rust-1.57 variable should probably be made private or hidden now.
>> 
>> Also, unless we rebuild all crates with rust-1.58, it seems to me like
>> we won't be addressing the problem, as the CVE touches the
>> 'remove_dir_all' procedure part of the standard library of Rust (and we
>> all know Rust likes to build things statically).
>> 
>> Am I missing something?
>
> I don't know about Rust things! I just forwarded this message from the
> private list to the public list.

OK!  I just asked in #rust and they confirmed what I thought (all crates
-- well the ones using 'std::fs::remove_dir_all' but we can't easily
know) needs to be rebuilt if we are to patch that CVE.

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#53461] [address@hidden: Rust CVE], Leo Famulari, 2022/01/22
- [bug#53461] [address@hidden: Rust CVE], Maxim Cournoyer, 2022/01/22
  - [bug#53461] [address@hidden: Rust CVE], Leo Famulari, 2022/01/23
    - [bug#53461] [address@hidden: Rust CVE], Maxim Cournoyer <=
    - [bug#53461] [address@hidden: Rust CVE], Leo Famulari, 2022/01/24
    - [bug#53461] [address@hidden: Rust CVE], Maxim Cournoyer, 2022/01/25
    - [bug#53461] [address@hidden: Rust CVE], Leo Famulari, 2022/01/25
    - [bug#53461] [address@hidden: Rust CVE], Maxim Cournoyer, 2022/01/27

Prev by Date: [bug#53439] [PATCH] doc: Document search paths.
Next by Date: [bug#53395] Fix pypi import for flake8-array-spacing
Previous by thread: [bug#53461] [address@hidden: Rust CVE]
Next by thread: [bug#53461] [address@hidden: Rust CVE]
Index(es):
- Date
- Thread