[SECURITY] Fedora 40 Update: rust-asahi-nvram-0.2.1-3.fc40

A tool to read and write nvram variables on ARM Macs...

[SECURITY] Fedora 40 Update: rust-asahi-wifisync-0.2.0-3.fc40

A tool to sync Wifi passwords with macos on ARM Macs...

[SECURITY] Fedora 40 Update: rust-alacritty-0.13.2-2.fc40

A fast, cross-platform, OpenGL terminal emulator...

[SECURITY] Fedora 40 Update: ruff-0.3.7-2.fc40

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...

[SECURITY] Fedora 40 Update: maturin-1.5.1-2.fc40

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 40 Update: loupe-46.2-2.fc40

An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed expect SVG image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...

[SECURITY] Fedora 40 Update: helix-24.03-3.fc40

A Kakoune / Neovim inspired editor, written in Rust...

CVE-2021-47561 i2c: virtio: disable timeout handling

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: disable timeout handling If a timeout is hit, it can result is incorrect data on the I2C bus and/or memory corruptions in the guest since the device can still be operating on the buffers it was given while the guest...

CVE-2021-47561 i2c: virtio: disable timeout handling

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: disable timeout handling If a timeout is hit, it can result is incorrect data on the I2C bus and/or memory corruptions in the guest since the device can still be operating on the buffers it was given while the guest...

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

CVE-2024-35197

CVE-2024-35197 affects the gitoxide project (gitoxide-core) and related advisories, describing a Windows-specific issue where fetching refs or checking out paths that collide with legacy device names can cause reads from devices or writes to devices. This can lead to indefinite blocking or the pr...

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

gitoxide 安全漏洞

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide prior to version 0.36.0, which can be exploited to execute arbitrary code by traversing the outside of the working tree...

openSUSE Security Advisory (openSUSE-SU-2024:0130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tor Arti 安全漏洞

Tor Arti is a project of the Tor team to generate embeddable, production-quality implementations of the Tor anonymization protocol in the Rust programming language. A security vulnerability exists in Tor Arti versions prior to 1.2.3, which stems from a message length error...

SUSE CVE-2024-24576

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

CVE-2024-34353

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

GHSA-9GGC-845V-GCGV matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...

matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...

CVE-2024-34353

The CVE-2024-34353 issue affects the matrix-sdk-crypto crate (part of the Matrix Rust SDK). A logic bug introduced in a specific commit caused the private part of the server-side backup key pair to be logged at debug time via the tracing crate, potentially exposing sensitive material on affected ...