File tree 1 file changed +18
-0
lines changed
1 file changed +18
-0
lines changed Original file line number Diff line number Diff line change 1919## Cargo 1.64 (2022-09-22)
2020[ a5e08c47...rust-1.64.0] ( https://github.com/rust-lang/cargo/compare/a5e08c47...rust-1.64.0 )
2121
22+ ### ⚠️ Fixes of security vulnerabilities
23+
24+ - [ CVE-2022 -36113: Extracting malicious crates can corrupt arbitrary files] ( https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j )
25+ - [ CVE-2022 -36114: Extracting malicious crates can fill the file system] ( https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp )
26+
27+ For more information, please read
28+ [ "Security advisories for Cargo (CVE-2022 -36113, CVE-2022 -36114)"] ( https://blog.rust-lang.org/2022/09/14/cargo-cves.html )
29+ on the official Rust blog.
30+
2231### Added
2332
2433- 🎉 Packages can now inherit settings from the workspace so that the settings
6473 [ #10784 ] ( https://github.com/rust-lang/cargo/pull/10784 )
6574
6675### Fixed
76+
77+ - [ CVE-2022 -36113] ( https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j ) :
78+ Extracting malicious crates can corrupt arbitrary files.
79+ [ #11089 ] ( https://github.com/rust-lang/cargo/pull/11089 )
80+ [ #11088 ] ( https://github.com/rust-lang/cargo/pull/11088 )
81+ - [ CVE-2022 -36114] ( https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp ) :
82+ Extracting malicious crates can fill the file system.
83+ [ #11089 ] ( https://github.com/rust-lang/cargo/pull/11089 )
84+ [ #11088 ] ( https://github.com/rust-lang/cargo/pull/11088 )
6785- The ` os ` output in ` cargo --version --verbose ` now supports more platforms.
6886 [ #10802 ] ( https://github.com/rust-lang/cargo/pull/10802 )
6987- Cached git checkouts will now be rebuilt if they are corrupted. This may
You can’t perform that action at this time.
0 commit comments