rust-slice-deque is vulnerable to CVE-2021-29938

OpenSubmitted by Léo Le Bouter.
Details
One participant
  • Léo Le Bouter
Owner
unassigned
Severity
normal
L
L
Léo Le Bouter wrote on 1 Apr 16:08 +0200
(address . bug-guix@gnu.org)
3e2016e62239d2039e48c945a6b6a982c09e3f5f.camel@zaclys.net
CVE-2021-29938 07:15An issue was discovered in the slice-deque crate through 2021-02-19 forRust. A double drop can occur in SliceDeque::drain_filter upon a panicin a predicate function.
Upstream PR: https://github.com/gnzlbg/slice_deque/pull/91
I suggest we wait for merge then update our package.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBl0+8ACgkQRaix6GvNEKaK6g/+Mz00XfGipOQkZnxHNCMeyow+SRlAUQbZKJCPKCuFjPTszW1075c9YCCddcJ9/cdESVmodrlGcay5+qHqXbPQCLMwvT5+FpVB3/gn0NrybueHhm34jswbNB5dmBKPuZWTSpuWyvLhb2xTKVZPlNducPev6jcj68vVP9/PEknOkJ/luFLVNb1b38FaHlkVaAZ908Wecx9wstji7F3lW4TVENxnMgrndoKBAJyDTGuOr3hj5Y2aT2tVsCGpMVKbjIlr+ydSgfTKOe0KnC2gztPNBf9cd7DwTnQgim4XdujB23iLI99KWUej3SnvSNbfrCyDzpofHMbNgxlM1drRiMwRr44D27dSIqGtlyjmoW8/3ug3GEIjubf8PEw68TMT/OZM1Uuz85x6BHb5iPSKJqOTWxX51DbR462zLfbPmj1hyYVh2ztPJG/Llv6aV0EVVCgPcpiIiJ+jRq1DF1465VQLvb838Jzp1SYdCUXJAYFMQzvjeeC8najh2RGGXNlpkOVLQbiJkZ5b2cGjRX1XL4rDQ5cJQUiGZiKGg7AsVq4lg4fUNVFwzTUcFI4W8sRBYjsKb9Jxfswl0IOXzwxzCNIz6CciDjMtJb39l1cop8FYF1B9V5J5myQ5RGy2cee7OijCNnfVo90W1JbCAB7LMFj1kQCt+4Xdj5n8Q9MZy8buhz4==cx4d-----END PGP SIGNATURE-----

L
L
Léo Le Bouter wrote on 1 Apr 16:09 +0200
(address . control@debbugs.gnu.org)
455f913579bf510bb21c651880a53dda55c7be9e.camel@zaclys.net
tags 47544 + securityquit
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBl1CkACgkQRaix6GvNEKYqIg//fEcUdfGmcvqLlJqL+2OQpLOG3Q7eLH+Js3txTX0iAqt+koJBhmMicOg7kW0peiGvHwAfNiGgT2Lq9cR9TezAREQk2I0TeW+HpB+2vPB4RAacCXTx76FXlO/c5i7+y2P99FR/9eX9DSvVdmIJ1Q4eN5BxNmhqgB6P+SzQYotPvbyX+pUJb3wiXCLScW9Wxg997oclQXcpoKC9DRkmJXhoYiGOFdXfq9IdS3OMJiC2AOTIPW+Wpvg2jAvkiJLREjI77AlImK2Vg7IzpHC+ndMCJTe883W5Fuuvphc2zF7sZ8zKTLEicAqIA991TtIakdKoJ/8fkltESeTw+RKw1ow/NFA6BoHzh2TNSzimSFMYTL3gF1l2OfwHRYwumMyAV05uTwl1TfZ1PUecgUp94UM9PfA1fz7FoUJVyTkLN7jvl67ITC7SkFY4RVG88LjOzTUfMLS95JnAOt17K36C3fZEZSc06XVqIauiriBA3osrYjVYGNUo97GH7XrzYcFsYWNgnyEScbDkbMRcmndrThWxbwpBvrJL9BCJ8H/JJU5CGEbALu56qEXBgieaszxvziPWLQkRLIiQ7WejpLR4e+z74/SV4Lnleekb8zqwusWqy37o/C1HT40KhzJSnOVMEtlMK2lJLeYkAUMor7yQFZKZmhlmqkDVMgUu0tEHORUfFnA==vIVe-----END PGP SIGNATURE-----

?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 47544@debbugs.gnu.org