ALSA-2023:4635

Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:4635.json

Aliases

CVE-2023-38497 ( ALSA-2023:4634, GHSA-j3xp-wfr4-hx87 )

Published

2023-08-14T00:00:00Z

Modified

2023-08-15T22:27:01Z

Details

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

Security Fix(es):

rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / cargo

Source Details

Package Name: cargo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / clippy

Source Details

Package Name: clippy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust

Source Details

Package Name: rust

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-analysis

Source Details

Package Name: rust-analysis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-analyzer

Source Details

Package Name: rust-analyzer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-debugger-common

Source Details

Package Name: rust-debugger-common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-doc

Source Details

Package Name: rust-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-gdb

Source Details

Package Name: rust-gdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-lldb

Source Details

Package Name: rust-lldb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-src

Source Details

Package Name: rust-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-std-static

Source Details

Package Name: rust-std-static

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-std-static-wasm32-unknown-unknown

Source Details

Package Name: rust-std-static-wasm32-unknown-unknown

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-std-static-wasm32-wasi

Source Details

Package Name: rust-std-static-wasm32-wasi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rust-toolset

Source Details

Package Name: rust-toolset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc

AlmaLinux:8 / rustfmt

Source Details

Package Name: rustfmt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.66.1-2.module_el8.8.0+3604+b9bee1fc