[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938
From: |
Maxim Cournoyer |
Subject: |
bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938 |
Date: |
Tue, 22 Mar 2022 22:39:11 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hello,
Léo Le Bouter <lle-bout@zaclys.net> writes:
> CVE-2021-29938 07:15
> An issue was discovered in the slice-deque crate through 2021-02-19 for
> Rust. A double drop can occur in SliceDeque::drain_filter upon a panic
> in a predicate function.
>
> Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91
The project appears unmaintained [0].
[0] https://github.com/gnzlbg/slice_deque/issues/94.
It's used by a couple other packages (how many? hard to tell, this
being Rust in Guix).
Thanks,
Maxim
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#47544: rust-slice-deque is vulnerable to CVE-2021-29938,
Maxim Cournoyer <=