Bug 29083 - rust new security issues CVE-2020-3631[78], CVE-2020-36323, CVE-2021-2887[689], and CVE-2021-31162
Summary: rust new security issues CVE-2020-3631[78], CVE-2020-36323, CVE-2021-2887[689...
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Rémi Verschelde
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 29033
Blocks:
  Show dependency treegraph
 
Reported: 2021-06-06 19:24 CEST by David Walser
Modified: 2021-07-23 23:20 CEST (History)
0 users

See Also:
Source RPM: rust-1.43.1-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-06-06 19:24:14 CEST 
+++ This bug was initially created as a clone of Bug #29033 +++

Fedora has issued an advisory on April 24:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

The issues are fixed upstream in 1.52.0.

Mageia 7 is also affected.

Note that everything built with rust needs to be rebuilt.

RedHat has issued an advisory on June 3:
https://access.redhat.com/errata/RHSA-2021:2243

Two more CVEs were fixed upstream in 1.49.0.
Comment 1 Rémi Verschelde 2021-07-23 22:40:11 CEST 
Mageia 7 is EOL, closing.

Resolution: (none) => WONTFIX
Version: 8 => 7
Status: NEW => RESOLVED

Comment 2 David Walser 2021-07-23 23:19:18 CEST 
Wrong resolution.

Resolution: WONTFIX => OLD

Comment 3 David Walser 2021-07-23 23:19:58 CEST 
Hey, this is a Mageia 8 bug.

Version: 7 => 8
Status: RESOLVED => REOPENED
Resolution: OLD => (none)

Comment 4 David Walser 2021-07-23 23:20:55 CEST 
Oh, no it isn't.  Sorry.

Resolution: (none) => OLD
Status: REOPENED => RESOLVED
Version: 8 => 7
Note You need to log in before you can comment on or make changes to this bug.