GNU bug report logs - #47544
rust-slice-deque is vulnerable to CVE-2021-29938

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Thu, 1 Apr 2021 14:09:03 UTC

Severity: normal

Tags: security

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: bug-guix <at> gnu.org
Subject: rust-slice-deque is vulnerable to CVE-2021-29938
Date: Thu, 01 Apr 2021 16:08:47 +0200

[Message part 1 (text/plain, inline)]

CVE-2021-29938	07:15
An issue was discovered in the slice-deque crate through 2021-02-19 for
Rust. A double drop can occur in SliceDeque::drain_filter upon a panic
in a predicate function.

Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91

I suggest we wait for merge then update our package.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 3 years and 84 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47544 rust-slice-deque is vulnerable to CVE-2021-29938

GNU bug report logs - #47544
rust-slice-deque is vulnerable to CVE-2021-29938