#14901: librsvg-2.50.4
-------------------------+-----------------------
Reporter: renodr | Owner: renodr
Type: enhancement | Status: assigned
Priority: elevated | Milestone: 10.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by renodr):
The release notes in the ticket description are incorrect. The correct
ones:
{{{
News
====
Update dependent crates that had security vulnerabilities:
generic-array to 0.13.3 - RUSTSEC-2020-0146
- #686 - Reduced stack usage (Sebastian Dröge).
- #698 - Add limit for too-large radiuses on the feMorphology filter
(Madds H).
- #703 - Properly ignore elements in an error state inside the "switch"
element.
}}}
RUSTSEC-2020-0146: [https://github.com/fizyk20/generic-array/issues/98]
Rust seems to keep their security advisories here:
[https://rustsec.org/advisories/]
In our case, we're looking for RUSTSEC-2020-0146, which can be found here:
[https://rustsec.org/advisories/RUSTSEC-2020-0146.html]
{{{
RUSTSEC-2020-0146: generic-array: arr! macro erases lifetimes
April 9, 2020
Description
Affected versions of this crate allowed unsoundly extending lifetimes
using arr! macro. This may result in a variety of memory corruption
scenarios, most likely use-after-free.
}}}
Since this is the first "security vulnerability in a Rust crate" that
we've encountered, I've sent an email to all editors on how to find the
information necessary to assign a severity. In this case, I'll put
Moderate in the advisory.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14901#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
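As an added check, not part of the ticket or of librsvg's own tooling: a small Python script that reads a Cargo.lock and flags any generic-array entry pinned below 0.13.3, the fixed version the release notes above name. The script, its constructed sample lock file and the single 0.13.3 cutoff are assumptions; the advisory itself may list other patched branches.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample Cargo.lock fragment (not librsvg's real lock file);
# the 0.12.3 entry is deliberately below the fixed version named on the page.
SAMPLE_CARGO_LOCK = """\
[[package]]
name = "generic-array"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "generic-array"
version = "0.13.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "typenum"
version = "1.12.0"
"""

# Minimum patched version for RUSTSEC-2020-0146 as stated in the release notes
# above (assumption: other patched branches are not encoded here).
FIXED_GENERIC_ARRAY = (0, 13, 3)

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '0.13.3' into (0, 13, 3); non-numeric suffixes are dropped."""
    return tuple(int(p) for p in re.split(r"[.-]", text)[:3] if p.isdigit())

def parse_cargo_lock(text: str) -> List[Dict[str, str]]:
    """Collect key/value pairs from each [[package]] table in a Cargo.lock."""
    packages: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line == "[[package]]":
            if current:
                packages.append(current)
            current = {}
        elif "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    if current:
        packages.append(current)
    return packages

def affected_generic_array(lock_text: str) -> List[str]:
    """Return generic-array versions pinned below the fixed release."""
    return [p["version"] for p in parse_cargo_lock(lock_text)
            if p.get("name") == "generic-array"
            and parse_version(p["version"]) < FIXED_GENERIC_ARRAY]
```

Run it against a real Cargo.lock by passing the file's contents to `affected_generic_array`; an empty list means no generic-array entry is pinned below 0.13.3.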