Source: rust-coreutils X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for rust-coreutils. CVE-2026-35344[0]: | The dd utility in uutils coreutils suppresses errors during file | truncation operations by unconditionally calling Result::ok() on | truncation attempts. While intended to mimic GNU behavior for | special files like /dev/null, the uutils implementation also hides | failures on regular files and directories caused by full disks or | read-only file systems. This can lead to silent data corruption in | backup or migration scripts, as the utility may report a successful | operation even when the destination file contains old or garbage | data. https://github.com/uutils/coreutils/issues/9745 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-35344 https://www.cve.org/CVERecord?id=CVE-2026-35344 Please adjust the affected versions in the BTS as needed.
