FEDORA-EPEL-2021-044df87bd4 created by jistone 5 months ago for Fedora EPEL 7
stable

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.

These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

This update has been submitted for testing by jistone.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update has been pushed to testing.

5 months ago

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
5 months ago
in testing
5 months ago
in stable
4 months ago
BZ#1949198 CVE-2021-28876 rust: panic safety issue in Zip implementation
0
0
BZ#1949200 CVE-2021-28876 rust: panic safety issue in Zip implementation [epel-7]
0
0
BZ#1949207 CVE-2021-28878 rust: memory safety violation in Zip implementation when next_back() and next() are used together
0
0
BZ#1949209 CVE-2021-28878 rust: memory safety violation in Zip implementation when next_back() and next() are used together [epel-7]
0
0
BZ#1949211 CVE-2021-28879 rust: integer overflow in the Zip implementation can lead to a buffer overflow
0
0
BZ#1949213 CVE-2021-28879 rust: integer overflow in the Zip implementation can lead to a buffer overflow [epel-7]
0
0
BZ#1950396 CVE-2020-36323 rust: optimization for joining strings can cause uninitialized bytes to be exposed
0
0
BZ#1950398 CVE-2021-31162 rust: double free in Vec::from_iter function if freeing the element panics
0
0
BZ#1950401 CVE-2021-31162 rust: double free in Vec::from_iter function if freeing the element panics [epel-7]
0
0
BZ#1950486 CVE-2020-36323 rust: optimization for joining strings can cause uninitialized bytes to be exposed [epel-7]
0
0

Automated Test Results

Test Cases

0 0 Test Case rust compile