MGASA-2021-0251 - Updated rust packages fix security vulnerabilities

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0251.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-36323,
     CVE-2021-28876,
     CVE-2021-28878,
     CVE-2021-28879,
     CVE-2021-31162

This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.

This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.

The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29033
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162

SRPMS:
- 8/core/rust-1.52.1-1.mga8
- 8/core/alacritty-0.7.1-1.1.mga8
- 8/core/cargo-c-0.7.0-1.1.mga8
- 8/core/dust-0.5.1-1.1.mga8
- 8/core/librsvg-2.50.3-1.1.mga8
- 8/core/mozjs68-68.11.0-1.1.mga8
- 8/core/mozjs78-78.11.0-1.mga8
- 8/core/neovim-gtk-0.2.0-0.git20190512.2.1.mga8
- 8/core/ripgrep-12.1.1-1.1.mga8