Updated rust packages fix security vulnerabilities
Publication date: 13 Jun 2021Modification date: 13 Jun 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2020-36323 , CVE-2021-28876 , CVE-2021-28878 , CVE-2021-28879 , CVE-2021-31162
Description
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).
References
- https://bugs.mageia.org/show_bug.cgi?id=29033
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162
SRPMS
8/core
- rust-1.52.1-1.mga8
- alacritty-0.7.1-1.1.mga8
- cargo-c-0.7.0-1.1.mga8
- dust-0.5.1-1.1.mga8
- librsvg-2.50.3-1.1.mga8
- mozjs68-68.11.0-1.1.mga8
- mozjs78-78.11.0-1.mga8
- neovim-gtk-0.2.0-0.git20190512.2.1.mga8
- ripgrep-12.1.1-1.1.mga8