MGASA-2021-0251

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2021-0251.html
Import Source
https://advisories.mageia.org/MGASA-2021-0251.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0251
Related
Published
2021-06-13T21:32:39Z
Modified
2021-06-13T20:17:14Z
Summary
Updated rust packages fix security vulnerabilities
Details

This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

This update also provides new features and bugfixes included in Rust since the previously packaged version 1.49.0. See the referenced release notes for details.

The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).

References
Credits

Affected packages

Mageia:8 / rust

Package

Name
rust
Purl
pkg:rpm/mageia/rust?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.52.1-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / alacritty

Package

Name
alacritty
Purl
pkg:rpm/mageia/alacritty?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.1-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / cargo-c

Package

Name
cargo-c
Purl
pkg:rpm/mageia/cargo-c?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.0-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / dust

Package

Name
dust
Purl
pkg:rpm/mageia/dust?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.1-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / librsvg

Package

Name
librsvg
Purl
pkg:rpm/mageia/librsvg?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.50.3-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / mozjs68

Package

Name
mozjs68
Purl
pkg:rpm/mageia/mozjs68?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
68.11.0-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / mozjs78

Package

Name
mozjs78
Purl
pkg:rpm/mageia/mozjs78?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.11.0-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / neovim-gtk

Package

Name
neovim-gtk
Purl
pkg:rpm/mageia/neovim-gtk?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.0-0.git20190512.2.1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / ripgrep

Package

Name
ripgrep
Purl
pkg:rpm/mageia/ripgrep?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.1.1-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}