Summary: | <dev-lang/rust{-bin,}-1.66.1: cargo lacking ssh host key checking | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gyakovlev, navi, randy, rust |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2023/01/10/3 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 890541 | ||
Bug Blocks: |
Description
John Helmert III
2023-01-10 22:24:11 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bff393adcf173781fd00560a306f6597ead75208 commit bff393adcf173781fd00560a306f6597ead75208 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2023-01-11 20:35:46 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2023-01-11 20:40:09 +0000 dev-lang/rust: add 1.66.1, drop 1.66.0 Bug: https://bugs.gentoo.org/890371 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-lang/rust/Manifest | 4 ++-- dev-lang/rust/{rust-1.66.0.ebuild => rust-1.66.1.ebuild} | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) no need for separate patches (because of -bin), I'll simply drop <1.66.1 was going to stabilize 1.66.x anyway. Thanks! Ping. Please clean up vulnerable versions rust-1.65.0 and rust-bin-1.65.0-r1. commit d4946c5f8d3fa1aec5e5d4d3f64971d89958fde3 Author: Matt Turner <mattst88@gentoo.org> Date: Wed Jan 24 12:17:38 2024 -0500 dev-lang/rust: Drop old versions The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=99ed81387ba7dbcd82799c29cbe519ef1febcf69 commit 99ed81387ba7dbcd82799c29cbe519ef1febcf69 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-09-22 06:09:00 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-09-22 06:09:09 +0000 [ GLSA 202409-07 ] Rust: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/890371 Bug: https://bugs.gentoo.org/911685 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202409-07.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) |