While updating bottom to 0.9.7 today, I noticed that there's an open RUSTSEC for mio. Technically this doesn't affect Gentoo because the advisory states that only Windows is affected, but I thought I might as well file this just for a record of statement that we aren't affected. I plan to go ahead and patch it as well because I need to patch other dependencies for other reasons anyway. See https://rustsec.org/advisories/RUSTSEC-2024-0019 for details. Reproducible: Always
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b827ff88fd5651dece1250b60222bf9b1fb1324d commit b827ff88fd5651dece1250b60222bf9b1fb1324d Author: Randy Barlow <randy@electronsweatshop.com> AuthorDate: 2024-07-31 21:50:48 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2024-08-03 15:51:46 +0000 sys-process/bottom: RUSTSEC-2024-0019: Add 0.10.1 This change adds bottom 0.10.1. This version addresses RUSTSEC-2024-0019[0][1]. The advisory states that only Windows is affected. [0] https://rustsec.org/advisories/RUSTSEC-2024-0019 [1] https://github.com/ClementTsang/bottom/issues/1521 Closes: https://bugs.gentoo.org/937026 Signed-off-by: Randy Barlow <randy@electronsweatshop.com> Closes: https://github.com/gentoo/gentoo/pull/37889 Signed-off-by: Michał Górny <mgorny@gentoo.org> sys-process/bottom/Manifest | 173 ++++++++++++++++++++ sys-process/bottom/bottom-0.10.1.ebuild | 282 ++++++++++++++++++++++++++++++++ 2 files changed, 455 insertions(+)
