RUSTSEC-2020-0146: arr! macro erases lifetimes #85

github-actions · 2021-03-02T00:20:07Z

arr! macro erases lifetimes

Details
Package	`generic-array`
Version	`0.12.3`
URL	fizyk20/generic-array#98
Date	2020-04-09
Patched versions	`>=0.14.0`
Unaffected versions	`<0.8.0`

Affected versions of this crate allowed unsoundly extending
lifetimes using arr! macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.

The text was updated successfully, but these errors were encountered:

soenkeliebau · 2021-04-12T13:26:14Z

All dependencies on generic-array were upgraded to at least 0.12.4 which is marked as fixed in RUSTSEC.a fixed version.

Patched versions:
>=0.8.4, <0.9.0
>=0.9.1, <0.10.0
>=0.10.1, <0.11.0
>=0.11.2, <0.12.0
>=0.12.4, <0.13.0
>=0.13.3

See these issues for more details on the release that fixed this for us:
pest-parser/pest#491 (comment)
pest-parser/pest#497

➜  agent git:(main) ✗ cargo tree | grep generic
│   │       │       │   └── generic-array v0.12.4
│   │       │       │   └── generic-array v0.12.4 (*)
│   │   │   │   └── generic-array v0.14.4
│   │   │   │   └── generic-array v0.14.4 (*)
➜  agent git:(main) ✗

soenkeliebau closed this as completed Apr 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2020-0146: arr! macro erases lifetimes #85

RUSTSEC-2020-0146: arr! macro erases lifetimes #85

github-actions bot commented Mar 2, 2021

soenkeliebau commented Apr 12, 2021

RUSTSEC-2020-0146: arr! macro erases lifetimes #85

RUSTSEC-2020-0146: arr! macro erases lifetimes #85

Comments

github-actions bot commented Mar 2, 2021

soenkeliebau commented Apr 12, 2021