bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938

From:	Maxim Cournoyer
Subject:	bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938
Date:	Tue, 22 Mar 2022 22:39:11 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello,

Léo Le Bouter <lle-bout@zaclys.net> writes:

> CVE-2021-29938        07:15
> An issue was discovered in the slice-deque crate through 2021-02-19 for
> Rust. A double drop can occur in SliceDeque::drain_filter upon a panic
> in a predicate function.
>
> Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91

The project appears unmaintained [0].

[0]  https://github.com/gnzlbg/slice_deque/issues/94.

It's used by a couple other packages (how many?  hard to tell, this
being Rust in Guix).

Thanks,

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938, Maxim Cournoyer <=

Prev by Date: bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
Next by Date: bug#53368: [PATCH] Amended wording in description of .guix-authorizations file
Previous by thread: bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
Next by thread: bug#53368: [PATCH] Amended wording in description of .guix-authorizations file
Index(es):
- Date
- Thread