| author | bors <bors@rust-lang.org> | 2023-08-03 12:11:47 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2023-08-03 12:11:47 +0000 |
| commit | eb26296b556cef10fb713a38f3d16b9886080f26 (patch) | |
| tree | 197f7a38719bc555b3d1e3f974a8a714c624658d | |
| parent | 7c790132e17377c6c14e336cc442f210d0301c96 (diff) | |
| parent | 64611e15c7cd89e6bcd3ac573108b18b47f0830c (diff) | |
| download | rust-1.71.1.tar.gz rust-1.71.1.zip | |
Auto merge of #114410 - pietroalbini:pa-cve-2023-38497-stable, r=pietroalbini 1.71.1
[stable] Update point release to fix CVE-2023-38497

This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version.

r? `@ghost`
cc `@rust-lang/release`
| -rw-r--r-- | RELEASES.md | 1 |
| m--------- | src/tools/cargo | 0 |
2 files changed, 1 insertions, 0 deletions
diff --git a/RELEASES.md b/RELEASES.md index 165709e1cf2..f719a2fd19c 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,6 +1,7 @@ Version 1.71.1 (2023-08-03) =========================== +- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87) - [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579) - [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517) - [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802) diff --git a/src/tools/cargo b/src/tools/cargo -Subproject cfd3bbd8fe4fd92074dfad04b7eb9a923646839 +Subproject 7f1d04c0053083b98fa50b69b6f56e339b0556a |
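Review bot: In the RELEASES.md hunk, the new CVE-2023-38497 entry names the bug (Cargo did not respect the umask when extracting dependencies) but does not say whether users need to do anything about dependency sources that were extracted before upgrading. Suggest adding a short clause to the entry, or confirming that the linked GHSA-j3xp-wfr4-hx87 advisory covers that, since the release notes are where most users will first read about the fix.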
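Review bot: In the src/tools/cargo hunk, the submodule pointer moves from cfd3bbd8 to 7f1d04c0, and neither the diff nor the commit message identifies the Cargo branch or pull request the new commit comes from, only that it is "a fixed version". For a security point release, suggest naming the Cargo commit or PR in the description so a reviewer can confirm the bump carries the CVE-2023-38497 fix and nothing unrelated.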
