Skip to content

Commit

Permalink
Auto merge of #114410 - pietroalbini:pa-cve-2023-38497-stable, r=piet…
Browse files Browse the repository at this point in the history 
…roalbini

[stable] Update point release to fix CVE-2023-38497

This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version.

r? `@ghost`
cc `@rust-lang/release`
  • Loading branch information
@bors
bors committed Aug 3, 2023
2 parents 7c79013 + 64611e1 commit eb26296
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions RELEASES.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
Version 1.71.1 (2023-08-03)
===========================

- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87)
- [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579)
- [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517)
- [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802)
Expand Down
2 changes: 1 addition & 1 deletion src/tools/cargo
Submodule cargo updated 7 files
+6 −6 Cargo.lock
+3 −3 Cargo.toml
+1 −1 crates/crates-io/Cargo.toml
+92 −51 src/cargo/sources/registry/mod.rs
+18 −0 src/cargo/util/mod.rs
+129 −3 tests/testsuite/registry.rs
+3 −2 tests/testsuite/vendor.rs

0 comments on commit eb26296

Please sign in to comment.