GNU bug report logs - #53461
[kiasoc5@tutanota.com: Rust CVE]


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sun, 23 Jan 2022 00:31:02 UTC

Severity: normal

Tags: patch

Merged with 54439, 56684

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.



Message #14 received at 53461 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53461 <at> debbugs.gnu.org
Subject: Re: bug#53461: [kiasoc5 <at> tutanota.com: Rust CVE]
Date: Mon, 24 Jan 2022 16:31:25 -0500
Hi,

Leo Famulari <leo <at> famulari.name> writes:

> On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote:
>> The rust-1.57 variable should probably be made private or hidden now.
>> 
>> Also, unless we rebuild all crates with rust-1.58, it seems to me like
>> we won't be addressing the problem, as the CVE touches the
>> 'remove_dir_all' procedure part of the standard library of Rust (and we
>> all know Rust likes to build things statically).
>> 
>> Am I missing something?
>
> I don't know about Rust things! I just forwarded this message from the
> private list to the public list.

OK!  I just asked in #rust and they confirmed what I thought (all crates
-- well the ones using 'std::fs::remove_dir_all' but we can't easily
know) need to be rebuilt if we are to patch that CVE.

Maxim
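
An added example, not part of the original message or of Guix: a heuristic Python scan that lists which unpacked crate source trees reference `std::fs::remove_dir_all` directly, as a starting list of rebuild candidates. The one-directory-per-crate layout, the function names and the sample crates are assumptions constructed here; it does not see uses reached through dependencies, re-exports or multi-line `use` blocks.

```python
import re
import tempfile
from pathlib import Path

# A path expression ending in fs::remove_dir_all, or a single-line `use` import of it.
CALL = re.compile(r"\b(?:std::)?fs::remove_dir_all\b")
IMPORT = re.compile(r"\buse\s+std::fs::(?:\{[^}]*\bremove_dir_all\b[^}]*\}|remove_dir_all\b)")
LINE_COMMENT = re.compile(r"//.*")

def scan_crate(crate_dir):
    """Return (relative path, line number) hits in one crate's .rs files."""
    hits = []
    for src in sorted(Path(crate_dir).rglob("*.rs")):
        text = src.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            code = LINE_COMMENT.sub("", line)  # ignore mentions in // comments
            if CALL.search(code) or IMPORT.search(code):
                hits.append((src.relative_to(crate_dir).as_posix(), no))
    return hits

def crates_to_rebuild(vendor_dir):
    """Map crate directory name -> hits, for crates with at least one hit."""
    out = {}
    for crate in sorted(p for p in Path(vendor_dir).iterdir() if p.is_dir()):
        hits = scan_crate(crate)
        if hits:
            out[crate.name] = hits
    return out

def build_sample(root):
    """Constructed sample tree: three made-up crates (assumed layout)."""
    files = {
        "cleaner/src/lib.rs": "use std::fs;\npub fn wipe(p: &str) {\n    fs::remove_dir_all(p).unwrap();\n}\n",
        "importer/src/main.rs": "use std::fs::{create_dir, remove_dir_all};\nfn main() {}\n",
        "harmless/src/lib.rs": "// never calls fs::remove_dir_all\npub fn noop() {}\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

def demo():
    """Build the constructed sample in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return crates_to_rebuild(tmp)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```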




This bug report was last modified 2 years and 343 days ago.
