Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 929036 (CVE-2024-24576) - dev-lang/rust, dev-lang/rust-bin: Untrusted command sanitation leading to code execution on Windows
Summary: dev-lang/rust, dev-lang/rust-bin: Untrusted command sanitation leading to cod...
Alias: CVE-2024-24576
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2024-04-10 01:17 UTC by Randy Barlow
Modified: 2024-04-10 02:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Randy Barlow 2024-04-10 01:17:35 UTC
Today Rust 1.77.2 was released to address a security flaw. The flaw relates to how Command input is sanitized in the standard library for Windows build targets.

Gentoo does not ship the Windows build targets as part of its ebuilds, and thus is not vulnerable to this CVE.

For more information, see the Rust blog:

Reproducible: Always
Comment 1 Randy Barlow 2024-04-10 01:18:56 UTC
We can close this ticket as INVALID. I filed it at the suggestion of our pal Sam James so that we can have a documented record describing why we don't need to bump the version in Gentoo.