Bug 29083

Summary: rust new security issues CVE-2020-3631[78], CVE-2020-36323, CVE-2021-2887[689], and CVE-2021-31162
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Rémi Verschelde <rverschelde>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: rust-1.43.1-1.mga7.src.rpm
CVE:
Status comment:
Bug Depends on: 29033    
Bug Blocks:    

Description David Walser 2021-06-06 19:24:14 CEST
+++ This bug was initially created as a clone of Bug #29033 +++

Fedora has issued an advisory on April 24:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

The issues are fixed upstream in 1.52.0.

Mageia 7 is also affected.

Note that everything built with rust needs to be rebuilt.

Red Hat has issued an advisory on June 3:
https://access.redhat.com/errata/RHSA-2021:2243

Two more CVEs were fixed upstream in 1.49.0.

Comment 1 Rémi Verschelde 2021-07-23 22:40:11 CEST
Mageia 7 is EOL, closing.

Resolution: (none) => WONTFIX
Version: 8 => 7
Status: NEW => RESOLVED

Comment 2 David Walser 2021-07-23 23:19:18 CEST
Wrong resolution.

Resolution: WONTFIX => OLD

Comment 3 David Walser 2021-07-23 23:19:58 CEST
Hey, this is a Mageia 8 bug.

Version: 7 => 8
Status: RESOLVED => REOPENED
Resolution: OLD => (none)

Comment 4 David Walser 2021-07-23 23:20:55 CEST
Oh, no it isn't.  Sorry.

Resolution: (none) => OLD
Status: REOPENED => RESOLVED
Version: 8 => 7