author bors <bors@rust-lang.org> 2023-08-03 12:11:47 +0000
committer bors <bors@rust-lang.org> 2023-08-03 12:11:47 +0000
commit eb26296b556cef10fb713a38f3d16b9886080f26 (patch)
tree 197f7a38719bc555b3d1e3f974a8a714c624658d /RELEASES.md
parent 7c790132e17377c6c14e336cc442f210d0301c96 (diff)
parent 64611e15c7cd89e6bcd3ac573108b18b47f0830c (diff)
download rust-1.71.1.tar.gz, rust-1.71.1.zip
Auto merge of #114410 - pietroalbini:pa-cve-2023-38497-stable, r=pietroalbini 1.71.1
[stable] Update point release to fix CVE-2023-38497

This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version.

r? `@ghost`
cc `@rust-lang/release`
Diffstat (limited to 'RELEASES.md')
-rw-r--r-- RELEASES.md 1
1 files changed, 1 insertions, 0 deletions
diff --git a/RELEASES.md b/RELEASES.md
index 165709e1cf2..f719a2fd19c 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -1,6 +1,7 @@
 Version 1.71.1 (2023-08-03)
 ===========================
 
+- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87)
 - [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579)
 - [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517)
 - [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802)
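Review bot: The added CVE-2023-38497 entry at the top of the 1.71.1 list names the bug (umask not respected when extracting dependencies) but not who is exposed or whether anything needs doing after upgrading, and unlike the other three entries it links to an advisory rather than a pull request. Consider adding a short clause on the affected setups and on whether dependency sources extracted by earlier versions need attention, so readers of RELEASES.md can triage without following the link. Note also that this view is limited to RELEASES.md, so the Cargo update the commit message describes is not visible here and should be confirmed against the full diff.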