Your message dated Sat, 28 Aug 2021 07:34:01 +0000
with message-id <[email protected]>
and subject line Bug#993146: fixed in rust-crossbeam-deque 0.7.4-1
has caused the Debian Bug report #993146,
regarding rust-crossbeam-deque: CVE-2021-32810
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
993146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993146
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rust-crossbeam-deque
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for rust-crossbeam-deque.

CVE-2021-32810[0]:
| crossbeam-deque is a package of work-stealing deques for building task
| schedulers when programming in Rust. In versions prior to 0.7.4 and
| 0.8.0, the result of the race condition is that one or more tasks in
| the worker queue can be popped twice instead of other tasks that are
| forgotten and never popped. If tasks are allocated on the heap, this
| can cause double free and a memory leak. If not, this still can cause
| a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`,
| or `Stealer::steal_batch_and_pop` are affected by this issue. This has
| been fixed in crossbeam-deque 0.8.1 and 0.7.4.

https://rustsec.org/advisories/RUSTSEC-2021-0093.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32810
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: rust-crossbeam-deque
Source-Version: 0.7.4-1
Done: Peter Michael Green <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rust-crossbeam-deque, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Michael Green <[email protected]> (supplier of updated 
rust-crossbeam-deque package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 Aug 2021 07:13:50 +0000
Source: rust-crossbeam-deque
Architecture: source
Version: 0.7.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 
<[email protected]>
Changed-By: Peter Michael Green <[email protected]>
Closes: 993146
Changes:
 rust-crossbeam-deque (0.7.4-1) unstable; urgency=medium
 .
   * Team upload.
   * Package crossbeam-deque 0.7.4 from crates.io using debcargo 2.4.4
     - new upstream version fixes CVE-2021-32810 (Closes: 993146)
   * Bump dev-dependency on rand so autopkgtest can run.
Checksums-Sha1:
 221ec9f8780f18971cf23eb54add2c1cf6e00063 2512 rust-crossbeam-deque_0.7.4-1.dsc
 ebc2733842b3b4ec48d07d169dbd6d25f056bca8 19868 
rust-crossbeam-deque_0.7.4.orig.tar.gz
 363ff3fbadcd02336d13a1d4fa39a88b2bc16e07 3016 
rust-crossbeam-deque_0.7.4-1.debian.tar.xz
 688a894c6da82b579687d8481e4c867771177fb3 7605 
rust-crossbeam-deque_0.7.4-1_source.buildinfo
Checksums-Sha256:
 b1f34f534565abc03f3ee2c9acd12c79350f49eba56661f04f6cf7c22cfb55de 2512 
rust-crossbeam-deque_0.7.4-1.dsc
 c20ff29ded3204c5106278a81a38f4b482636ed4fa1e6cfbeef193291beb29ed 19868 
rust-crossbeam-deque_0.7.4.orig.tar.gz
 c53c55567b7aa3f9ff69cda0edba1488b3b08fcf56275bb875a6ef20960b21a1 3016 
rust-crossbeam-deque_0.7.4-1.debian.tar.xz
 dc4b93785b56ca00c652525e7708ac9af9dafc0f86bf3709401ba8740a5378dc 7605 
rust-crossbeam-deque_0.7.4-1_source.buildinfo
Files:
 d047d2ab769c19d590d2e6f76ff44303 2512 rust optional 
rust-crossbeam-deque_0.7.4-1.dsc
 372d983bc911b6099ad1b8ed6087604f 19868 rust optional 
rust-crossbeam-deque_0.7.4.orig.tar.gz
 54789fa4557286726311c9ec9842d810 3016 rust optional 
rust-crossbeam-deque_0.7.4-1.debian.tar.xz
 ba2ab52cc7c6efd7922100e84a6cf20b 7605 rust optional 
rust-crossbeam-deque_0.7.4-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEU0DQATYMplbjSX63DEjqKnqP/XsFAmEp4xoUHHBsdWd3YXNo
QGRlYmlhbi5vcmcACgkQDEjqKnqP/XtxAA/+KEbCq2/ISD7hum8dPwkCETzKLx5L
Y8K6J51yDvZ4nXw7tsNJnVtZjZxpO9aIbOHc1ELr6snBbn2/kPge7eZm8aPYJsNT
i47VVcrnRGLWQM7wKrRKmjPhnyHQvhaJni6NJ6DWLHtpSC+phjyDasagguqPBMfJ
XIkpX2ZppvHt1zuFVzTyVNzQVCEVlinVIjBRTXFkFEf6LuNJ/O7PUYmFA+JXGPSB
LtSsyVSOQ3KVyveC8I8Sjq9+FfhbPMZNiAmzYpcE52If/uv8R8XdMg3LLhYet6pL
dIW22q+lQ+t1CsNTHueUFhZjfBNRgum3YMTUpSxIxg7tmJ66VgVC+ZRf8KaAFdhS
/M6+oO0OKrPCXog3FU5S9WuPW7IANOfvA6lswOfw+F6+8aGKkzVMizHXj++tLDJ5
8/7I5lNaMpBaJ/UVrwX8HKdNUp3pJ2mk2R3YVgQsLPf92elvhAVHPTQ2BYCKdx7e
nuNWDdISykKCDW+CMG4Hd11n9voILVtayvzVYhjx9AUTGtHQq0Ou1yz4x73UnXVx
Rv7gbSGaZb1If9r8BYprLEsCOrXOiD4hwjWSTtknAWnRmwmn/YLHgP0CeAb1Wk/S
r6wauR9PqcdOkxbqOOd2F3K5D229v/X0MKRygJ405nICrGK7RlottNXlPLti8iwu
q1AB+h1nAe1XH3s=
=CK3M
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to