See https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html for full details but: "This is a vulnerability in the Unicode specification, and its assigned identifier is CVE-2021-42574. While the vulnerability itself is not a rustc flaw, we're taking proactive measures to mitigate its impact on Rust developers." These changes are in 1.56.1.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4472b5830b3716ae519c16373bb20f0e095c9171

commit 4472b5830b3716ae519c16373bb20f0e095c9171
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-11-01 21:12:39 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-11-01 21:24:39 +0000

virtual/rust: add 1.56.1

Bug: https://bugs.gentoo.org/821157
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

virtual/rust/rust-1.56.1.ebuild | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bdc5a6ee75fe37364e572020eb53f21192262442

commit bdc5a6ee75fe37364e572020eb53f21192262442
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-11-01 21:12:04 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-11-01 21:24:38 +0000

dev-lang/rust: add 1.56.1

Bug: https://bugs.gentoo.org/821157
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

dev-lang/rust/Manifest | 2 +
dev-lang/rust/rust-1.56.1.ebuild | 683 +++++++++++++++++++++++++++++++++++++++
2 files changed, 685 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc47a74899bc044dfb4bc6b6d6c70680409c8643

commit cc47a74899bc044dfb4bc6b6d6c70680409c8643
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-11-01 21:11:50 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-11-01 21:24:37 +0000

dev-lang/rust-bin: add 1.56.1

Bug: https://bugs.gentoo.org/821157
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

dev-lang/rust-bin/Manifest | 32 ++++++
dev-lang/rust-bin/rust-bin-1.56.1.ebuild | 187 +++++++++++++++++++++++++++++++
2 files changed, 219 insertions(+)

Thanks! Please file a stablereq when ready.
Please clean up.
Will do after I get the green light from the Mozilla team.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e3b84dd5e01c54a20d60954fc29ccff9abe0871

commit 2e3b84dd5e01c54a20d60954fc29ccff9abe0871
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-01-22 01:21:48 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-01-22 01:22:32 +0000

profiles: mask vulnerable rust versions (and seamonkey)

Bug: https://bugs.gentoo.org/831638
Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/824066
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

profiles/package.mask | 12 ++++++++++++
1 file changed, 12 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c373dd540306f0f2e4846f204bcd1a9a58b2d78

commit 7c373dd540306f0f2e4846f204bcd1a9a58b2d78
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-29 05:51:28 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-29 05:53:08 +0000

profiles: drop seamonkey mask now it's been bumped

Bug: https://bugs.gentoo.org/831638
Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/824066
Bug: https://bugs.gentoo.org/831977
Bug: https://bugs.gentoo.org/828479
Signed-off-by: Sam James <sam@gentoo.org>

profiles/package.mask | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86f377d22c2cc041d32b53f444f6c32aebd909a4

commit 86f377d22c2cc041d32b53f444f6c32aebd909a4
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-01-29 17:04:25 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-01-29 17:06:53 +0000

dev-lang/rust: drop versions leaving mask in place for another couple of weeks to encourage updating

Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/831638
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

dev-lang/rust/Manifest | 172 -----
....0-ignore-broken-and-non-applicable-tests.patch | 75 ---
dev-lang/rust/files/1.53.0-miri-vergen.patch | 53 --
dev-lang/rust/files/1.53.0-rustversion-1.0.5.patch | 234 -------
dev-lang/rust/files/1.54.0-parallel-miri.patch | 43 --
dev-lang/rust/files/1.57.0-selfbootstrap.patch | 56 --
dev-lang/rust/rust-1.53.0.ebuild | 684 --------------------
dev-lang/rust/rust-1.54.0.ebuild | 684 --------------------
dev-lang/rust/rust-1.55.0.ebuild | 683 --------------------
dev-lang/rust/rust-1.56.1.ebuild | 686 --------------------
dev-lang/rust/rust-1.57.0.ebuild | 687 --------------------
dev-lang/rust/rust-1.58.0.ebuild | 699 ---------------------
12 files changed, 4756 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ace2f2b764c11136772b099d485a0a868c7dc1f1

commit ace2f2b764c11136772b099d485a0a868c7dc1f1
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-01-29 17:02:58 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-01-29 17:06:22 +0000

dev-lang/rust-bin: drop versions

Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/831638
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

dev-lang/rust-bin/Manifest | 195 ----------------------------
dev-lang/rust-bin/rust-bin-1.53.0.ebuild | 192 ---------------------------
dev-lang/rust-bin/rust-bin-1.54.0.ebuild | 192 ---------------------------
dev-lang/rust-bin/rust-bin-1.55.0.ebuild | 192 ---------------------------
dev-lang/rust-bin/rust-bin-1.56.1.ebuild | 214 -------------------------------
dev-lang/rust-bin/rust-bin-1.57.0.ebuild | 214 -------------------------------
dev-lang/rust-bin/rust-bin-1.58.0.ebuild | 214 -------------------------------
7 files changed, 1413 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=074e38995738dc175b7150d76709d369e0a55ef7

commit 074e38995738dc175b7150d76709d369e0a55ef7
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-01-29 17:02:41 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-01-29 17:06:17 +0000

virtual/rust: drop versions

Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/831638
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

virtual/rust/rust-1.53.0-r1.ebuild | 19 -------------------
virtual/rust/rust-1.54.0.ebuild | 19 -------------------
virtual/rust/rust-1.55.0.ebuild | 19 -------------------
virtual/rust/rust-1.56.1.ebuild | 19 -------------------
virtual/rust/rust-1.57.0.ebuild | 19 -------------------
virtual/rust/rust-1.58.0.ebuild | 19 -------------------
6 files changed, 114 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e51e1255a559bb11b72416a98c4a6422f5d2871

commit 7e51e1255a559bb11b72416a98c4a6422f5d2871
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2022-01-29 17:01:28 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2022-01-29 17:05:47 +0000

sys-devel/rust-std: drop 1.53.0, 1.54.0, 1.55.0, 1.56.1, 1.58.0

Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/831638
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

sys-devel/rust-std/Manifest | 5 -
sys-devel/rust-std/rust-std-1.53.0.ebuild | 154 -----------------------------
sys-devel/rust-std/rust-std-1.54.0.ebuild | 154 -----------------------------
sys-devel/rust-std/rust-std-1.55.0.ebuild | 154 -----------------------------
sys-devel/rust-std/rust-std-1.56.1.ebuild | 154 -----------------------------
sys-devel/rust-std/rust-std-1.58.0.ebuild | 155 ------------------------------
6 files changed, 776 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef741792c06ad55d37e1477ad74f3d8fc3fcd64f

commit ef741792c06ad55d37e1477ad74f3d8fc3fcd64f
Author: Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-02-19 13:40:28 +0000
Commit: Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-02-19 13:44:49 +0000

www-client/seamonkey: drop 2.53.9.1-r1

Bug: https://bugs.gentoo.org/831638
Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/824066
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

profiles/package.mask | 12 -
www-client/seamonkey/Manifest | 4 -
www-client/seamonkey/seamonkey-2.53.9.1-r1.ebuild | 557 ----------------------
3 files changed, 573 deletions(-)

All done, cleanup successful, no vulnerable versions in tree. No GLSA in a few months after this, I suggest closing this as resolved.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cda5f646cd9bc370223b79be59deee389a0caeef

commit cda5f646cd9bc370223b79be59deee389a0caeef
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:43:11 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:25 +0000

[ GLSA 202210-09 ] Rust: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/782367
Bug: https://bugs.gentoo.org/807052
Bug: https://bugs.gentoo.org/821157
Bug: https://bugs.gentoo.org/831638
Bug: https://bugs.gentoo.org/870166
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-09.xml | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)

GLSA released, all done!