From https://blog.rust-lang.org/2023/08/03/Rust-1.71.1.html: """ Rust 1.71.1 fixes Cargo not respecting the umask when extracting dependencies, which could allow a local attacker to edit the cache of extracted source code belonging to another local user, potentially executing code as another user. This security vulnerability is tracked as CVE-2023-38497, and you can read more about it on the advisory we published earlier today. We recommend all users to update their toolchain as soon as possible. """ See also: https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html.
Note that may need to backport https://github.com/rust-lang/rust/pull/114440 as well...
commit 9bd0a1774d10a17f7a311813b314fee6953eb49d Author: WANG Xuerui <xen0n@gentoo.org> Date: Fri Aug 4 15:20:57 2023 +0800 sys-devel/rust-std: add 1.71.1 Closes: https://github.com/gentoo/gentoo/pull/32170 Signed-off-by: WANG Xuerui <xen0n@gentoo.org> commit 1ee36a35ed4404e95cb88a69e745580f2a5d0c73 Author: WANG Xuerui <xen0n@gentoo.org> Date: Fri Aug 4 15:19:58 2023 +0800 virtual/rust: add 1.71.1 Signed-off-by: WANG Xuerui <xen0n@gentoo.org> commit d7081c418d324fefef6d2e671bd92a84091f989c Author: WANG Xuerui <xen0n@gentoo.org> Date: Fri Aug 4 15:19:28 2023 +0800 dev-lang/rust: add 1.71.1 Signed-off-by: WANG Xuerui <xen0n@gentoo.org> commit e73ed087dff62bccf07ccb56a8025940701efaa2 Author: WANG Xuerui <xen0n@gentoo.org> Date: Fri Aug 4 15:06:57 2023 +0800 dev-lang/rust-bin: add 1.71.1 Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
commit d4946c5f8d3fa1aec5e5d4d3f64971d89958fde3 Author: Matt Turner <mattst88@gentoo.org> Date: Wed Jan 24 12:17:38 2024 -0500 dev-lang/rust: Drop old versions