MGASA-2021-0517 - Updated rust packages fix security vulnerability

Publication date: 20 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0517.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-42574

Updated rust packages fix security vulnerability

This update mitigates a security concern in the Unicode standard, affecting
source code containing "bidirectional override" Unicode codepoints: in some
cases the use of those codepoints could lead to the reviewed code being
different than the compiled code (CVE-2021-42574).

rustc mitigates the issue by issuing two new deny-by-default lints detecting
the affected codepoints in string literals and in comments. The lints will 
prevent source code files containing those codepoints from being compiled,
protecting developers and users from the attack.

This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.51.1. See the referenced release notes for
details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29616
- https://www.openwall.com/lists/oss-security/2021/11/01/1
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html
- https://blog.rust-lang.org/2021/07/29/Rust-1.54.0.html
- https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html
- https://blog.rust-lang.org/2021/10/21/Rust-1.56.0.html
- https://blog.rust-lang.org/2021/11/01/Rust-1.56.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574

SRPMS:
- 8/core/rust-1.56.1-1.mga8