user0/rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Auto merge of #114410 - pietroalbini:pa-cve-2023-38497-stable, r=pietroalbini

Browse source 
[stable] Update point release to fix CVE-2023-38497

This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version.

r? `@ghost`
cc `@rust-lang/release`
This commit is contained in:
bors 2023-08-03 12:11:47 +00:00
commit eb26296b55
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
RELEASES.md
View file

@ -1,6 +1,7 @@
Version 1.71.1 (2023-08-03)
===========================
- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87)
- [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579)
- [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517)
- [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802)

2
src/tools/cargo

@ -1 +1 @@
Subproject commit cfd3bbd8fe4fd92074dfad04b7eb9a923646839f
Subproject commit 7f1d04c0053083b98fa50b69b6f56e339b0556a8