rust
/
cargo
mirror of https://github.com/rust-lang/cargo
0
0
Fork 0
Code Issues Releases Wiki Activity

doc(changelog): mention CVE fixes

This commit is contained in:
Weihang Lo 2022-09-17 20:47:07 +01:00
parent 73ba3f35e0
commit 11d3c5982b
No known key found for this signature in database
GPG Key ID: D7DBF189825E82E7
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -64,6 +64,15 @@
[#10784](https://github.com/rust-lang/cargo/pull/10784)
### Fixed
- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
Extracting malicious crates can corrupt arbitrary files.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
Extracting malicious crates can fill the file system.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
- The `os` output in `cargo --version --verbose` now supports more platforms.
[#10802](https://github.com/rust-lang/cargo/pull/10802)
- Cached git checkouts will now be rebuilt if they are corrupted. This may