Fixes API soundness issue in join() #81728
(rust-highfive has picked a reviewer for you, use r? to override)
@joshtriplett any updates?
One nit regarding updating an adjacent comment. r=me with that fixed.
I'm not familiar with rustbot commands, so I'm not sure I'm doing this correctly 😅
@Qwaz: 🔑 Insufficient privileges: Not in reviewers
@Dylan-DPC @joshtriplett It seems that I don't have permission to run r= commands. Could you check again?
@bors r=joshtriplett
📌 Commit 26a6270 has been approved by
☀️ Test successful - checks-actions
This PR was cited as the fix for CVE-2020-36323, so I'm nominating it for beta.
The CVE description says:
I'm not sure I'm following it correctly, but it doesn't seem correct to me. It should be "before 1.52.0" if we backport this to beta?
I expect they meant 1.53.0, and yes that should become 1.52.0 if we backport.
@cuviper Thanks for checking, is there a way to correct it by our hand? Nvm, I found it and sent an update request: https://cve.mitre.org/cve/update_cve_records.html
@Qwaz I believe you were involved in filing the recent CVEs -- do you have a way to make such updates?
This is the official way that I know.
We discussed this in the compiler team triage meeting this morning and decided to approve the backport.
[beta] backports

This backports two beta-accepted PRs, fixing CVE-2020-36323 and CVE-2021-31162.

- Fixes API soundness issue in `join()` rust-lang#81728
- Fix double-drop in `Vec::from_iter(vec.into_iter())` specialization when items drop during panic rust-lang#83629
Fixes #80335