GNU bug report logs - #47544
rust-slice-deque is vulnerable to CVE-2021-29938

Package: guix

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Thu, 1 Apr 2021 14:09:03 UTC

Severity: normal

Tags: security

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Léo Le Bouter <lle-bout <at> zaclys.net>
Cc: 47544 <at> debbugs.gnu.org
Subject: bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938
Date: Tue, 22 Mar 2022 22:39:11 -0400

Hello,

Léo Le Bouter <lle-bout <at> zaclys.net> writes:

> CVE-2021-29938	07:15
> An issue was discovered in the slice-deque crate through 2021-02-19 for
> Rust. A double drop can occur in SliceDeque::drain_filter upon a panic
> in a predicate function.
>
> Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91

The project appears unmaintained [0].

[0]  https://github.com/gnzlbg/slice_deque/issues/94.

It's used by a couple other packages (how many?  hard to tell, this
being Rust in Guix).

Thanks,

Maxim




This bug report was last modified 3 years and 84 days ago.
