RUSTSEC-2019-0034 HeaderMap::Drain API is unsound
Affected versions of this crate incorrectly used a raw pointer, which introduced unsoundness in its public safe API. Failing to drop the `Drain` struct causes a double-free, and it is possible to violate Rust's aliasing rules and cause a data race with `Drain`'s `Iterator` implementation. The flaw was corrected ...
DesignerHelper-rs (>=0.1.0 <=0.1.2), GetPDB (>=0.1.0 <=1.0.1) +6475 more potentially affected by CVE-2019-25010 +1 more via failure (>=0.1.0 <=0.1.8)
failure CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.4.0 - abscissacore =0.4.0 and more Source cves: CVE-2019-25010, CVE-2020-25575 Source advisory: OSV:RUSTSEC-2019-0036...
Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior. Users who derive the `Fail` trait are not affected...
RUSTSEC-2019-0036 Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior. Users who derive the `Fail` trait are not affected...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)
This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...
Recommended update for MozillaThunderbird (important)
openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2464-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...
Recommended update for MozillaThunderbird (important)
openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2452-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...
Using Rust in Windows
This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in...
[SECURITY] [DSA 4549-1] firefox-esr security update
Debian Security Advisory DSA-4549-1 https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2019 https://www.debian.org/security/faq ...
SUSE SLED15 / SLES15 Security Update : rust (SUSE-SU-2019:2755-1)
This update for rust fixes the following issues : Rust was updated to version 1.36.0. Security issues fixed : CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety bsc1134978 CVE-2018-1000622: rustdoc loads plugins from world-writable...
SUSE-SU-2019:2755-1 Security update for rust
This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety bsc1134978 - CVE-2018-1000622: rustdoc loads plugins from world writable...
arrow (>=0.14.0 <=0.15.1), blockbuffers (=0.1.0) +12 more potentially affected by CVE-2019-25004 via flatbuffers (>=0.4.0 <=0.5.0)
flatbuffers CARGO version =0.4.0, =0.14.0, =0.1.8, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =0.2.0, =3.0.0, =1.0.0, =1.1.2, =1.2.0, =1.3.2 Source cves: CVE-2019-25004 Source advisory: OSV:RUSTSEC-2019-0028...
Unsound `impl Follow for bool`
The implementation of `impl Follow for bool` allows arbitrary bytes to be reinterpreted as a `bool`. In Rust, `bool` has stringent requirements for its in-memory representation. Use of this function makes it possible to violate these requirements and invoke undefined behaviour in safe code...
RUSTSEC-2019-0028 Unsound `impl Follow for bool`
The implementation of `impl Follow for bool` allows arbitrary bytes to be reinterpreted as a `bool`. In Rust, `bool` has stringent requirements for its in-memory representation. Use of this function makes it possible to violate these requirements and invoke undefined behaviour in safe code...
An intern’s experience with Rust
Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...
CVE-2019-16760
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...