FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
37528379-76a8-11e9-a4fd-00012e582166	Rust -- violation of Rust's safety guarantees Sean McArthur reports: The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the Error::type_id method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. Discovery 2019-05-09 Entry 2019-05-15 rust ge 1.34.0 lt 1.34.2 https://blog.rust-lang.org/2019/05/13/Security-advisory.html CVE-2019-12083
ee26f513-826e-11ec-8be6-d4c9ef517024	Rust -- Race condition enabling symlink following The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Discovery 2022-01-20 Entry 2022-01-31 Modified 2022-02-03 rust < 1.58.1 rust-nightly < 1.60.0.20220202 CVE-2022-21658 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html

VuXML ID

Description

37528379-76a8-11e9-a4fd-00012e582166

Rust -- violation of Rust's safety guarantees

Sean McArthur reports:

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the Error::type_id method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.

Discovery 2019-05-09
Entry 2019-05-15
rust

ge 1.34.0 lt 1.34.2

https://blog.rust-lang.org/2019/05/13/Security-advisory.html
CVE-2019-12083

ee26f513-826e-11ec-8be6-d4c9ef517024

Rust -- Race condition enabling symlink following

The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.

Discovery 2022-01-20
Entry 2022-01-31
Modified 2022-02-03
rust

< 1.58.1

rust-nightly

< 1.60.0.20220202

CVE-2022-21658
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html