summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--RELEASES.md1
m---------src/tools/cargo0
2 files changed, 1 insertions, 0 deletions
diff --git a/RELEASES.md b/RELEASES.md
index 165709e1cf2..f719a2fd19c 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -1,6 +1,7 @@
 Version 1.71.1 (2023-08-03)
 ===========================
 
+- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87)
 - [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579)
 - [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517)
 - [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802)
diff --git a/src/tools/cargo b/src/tools/cargo
-Subproject cfd3bbd8fe4fd92074dfad04b7eb9a923646839
+Subproject 7f1d04c0053083b98fa50b69b6f56e339b0556a