svn commit: r501678 - head/security/vuxml
Tobias Kortkamp
tobik at FreeBSD.org
Wed May 15 03:08:34 UTC 2019
Author: tobik
Date: Wed May 15 03:08:32 2019
New Revision: 501678
URL: https://svnweb.freebsd.org/changeset/ports/501678
Log:
Add recent lang/rust security advisory
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed May 15 03:07:24 2019 (r501677)
+++ head/security/vuxml/vuln.xml Wed May 15 03:08:32 2019 (r501678)
@@ -58,6 +58,42 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="37528379-76a8-11e9-a4fd-00012e582166">
+ <topic>Rust -- violation of Rust's safety guarantees</topic>
+ <affects>
+ <package>
+ <name>rust</name>
+ <range><ge>1.34.0</ge><lt>1.34.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Sean McArthur reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12083">
+ <p>
+ The Rust Programming Language Standard Library 1.34.x
+ before 1.34.2 contains a stabilized method which, if
+ overridden, can violate Rust's safety guarantees and
+ cause memory unsafety. If the Error::type_id method
+ is overridden then any type can be safely cast to any
+ other type, causing memory safety vulnerabilities in
+ safe code (e.g., out-of-bounds write or read). Code
+ that does not manually implement Error::type_id is
+ unaffected.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blog.rust-lang.org/2019/05/13/Security-advisory.html</url>
+ <cvename>CVE-2019-12083</cvename>
+ </references>
+ <dates>
+ <discovery>2019-05-09</discovery>
+ <entry>2019-05-15</entry>
+ </dates>
+ </vuln>
+
<vuln vid="a99923a9-768c-11e9-885a-6451062f0f7a">
<topic>Flash Player -- arbitrary code execution</topic>
<affects>
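Review bot: The new <affects> block lists only the package name rust for the range 1.34.0 <= version < 1.34.2, although the notes comment just above the <vuxml> element reminds contributors not to forget port variants. If any other port in the tree ships the same standard library within that range, it needs its own <name> or <package> entry here, otherwise installations of it will not match this vid. Separately, the lead-in reads "Sean McArthur reports:" while the blockquote cite attribute points at the cve.mitre.org record for CVE-2019-12083; either attribute the quoted text to the CVE description or cite the Rust advisory URL already given under <references>.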