Bug#984665: [Pkg-rust-maintainers] Bug#984665: CVE-2021-25900

2021-03-09 Thread Peter Green
On 07/03/2021 02:30, plugwash-urgent wrote:
> my tentative conclusion is that the insert_many operation in rust-arrayvec does not seem to actually be used.

While I can't find any applications that use the broken function in rust-smallvec (saying arrayvec above was a brainfart), I still think we

Bug#984665: [Pkg-rust-maintainers] Bug#984665: CVE-2021-25900

2021-03-06 Thread plugwash-urgent
I started looking into this bug and trying to gauge its impact. In particular what, if any, applications in Debian actually use the broken code. First I tried to use codesearch to search for insert_many but I got way too many false-positives. So I tried a different approach. I did however

Bug#984665: CVE-2021-25900

2021-03-06 Thread Moritz Muehlenhoff
Source: rust-smallvec
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team

https://rustsec.org/advisories/RUSTSEC-2021-0003.html
https://github.com/servo/rust-smallvec/issues/252

Cheers,
Moritz