GNU bug report logs - #53461
[kiasoc5@tutanota.com: Rust CVE]

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sun, 23 Jan 2022 00:31:02 UTC

Severity: normal

Tags: patch

Merged with 54439, 56684

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 53461 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53461 <at> debbugs.gnu.org
Subject: Re: bug#53461: [kiasoc5 <at> tutanota.com: Rust CVE]
Date: Tue, 25 Jan 2022 18:06:55 -0500

Hello,

Leo Famulari <leo <at> famulari.name> writes:

> On Mon, Jan 24, 2022 at 04:31:25PM -0500, Maxim Cournoyer wrote:
>> OK!  I just asked in #rust and they confirmed what I thought (all crates
>> -- well the ones using 'std::fs::remove_dir_all' but we can't easily
>> know) needs to be rebuilt if we are to patch that CVE.
>
> Okay. Let's see...
>
> ------
> $ git grep cargo-build-system gnu/packages | wc -l
> 2152
> ------
>
> I suppose we could do it quickly on a branch.

Note that Rust is now needed to build all of GTK, at least on x86_64.
That's a rather large rebuild.

Maxim
This bug report was last modified 2 years and 343 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.