[Git][security-tracker-team/security-tracker][master] Some rust-coreutils issues remianed with open status upstream yet

Salvatore Bonaccorso (@carnil) Wed, 06 May 2026 23:03:26 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
226a35a2 by Salvatore Bonaccorso at 2026-05-07T08:02:05+02:00
Some rust-coreutils issues remianed with open status upstream yet

I'm not sure I catched all on review, so douple check and clarification
with maintainer and upstream might be required.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8144,12 +8144,12 @@ CVE-2026-35378 (A logic error in the expr utility of 
uutils coreutils causes the
        NOTE: https://github.com/uutils/coreutils/pull/11395
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/76b2f7877f558f3bfa78e3d4f49f022460f509b7
 (0.8.0)
 CVE-2026-35377 (A logic error in the env utility of uutils coreutils causes a 
failure  ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11512
 CVE-2026-35376 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists 
in the ch ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11402
@@ -8160,12 +8160,12 @@ CVE-2026-35375 (A logic error in the split utility of 
uutils coreutils causes th
        NOTE: https://github.com/uutils/coreutils/pull/11397
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/d2b9550fe821a9a10bf0cec057509211357363f1
 (0.8.0)
 CVE-2026-35374 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists 
in the sp ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11401
 CVE-2026-35373 (A logic error in the ln utility of uutils coreutils causes the 
program ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11403
@@ -8176,12 +8176,12 @@ CVE-2026-35372 (A logic error in the ln utility of 
uutils coreutils allows the u
        NOTE: https://github.com/uutils/coreutils/pull/11253
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/394c4b17f2f382b4be9f54389bcb79028de02f39
 (0.8.0)
 CVE-2026-35371 (The id utility in uutils coreutils exhibits incorrect behavior 
in its  ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10006
 CVE-2026-35370 (The id utility in uutils coreutils miscalculates the groups= 
section o ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10006
@@ -8192,12 +8192,12 @@ CVE-2026-35369 (An argument parsing error in the kill 
utility of uutils coreutil
        NOTE: https://github.com/uutils/coreutils/pull/9700
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/cae94028afcfa19b78dfc1072d1a22d8b2c6ca38
 (0.6.0)
 CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils 
coreutils when  ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10327
 CVE-2026-35367 (The nohup utility in uutils coreutils creates its default 
output file, ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10021
@@ -8215,7 +8215,7 @@ CVE-2026-35365 (The mv utility in uutils coreutils 
improperly handles directory
        NOTE: https://github.com/uutils/coreutils/pull/10546
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/9654e4abaf24449ef2279e9a16963edb5c8b8fef
 (0.7.0-1)
 CVE-2026-35364 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists 
in the m ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10015
@@ -8237,7 +8237,7 @@ CVE-2026-35361 (The mknod utility in uutils coreutils 
fails to handle security l
        NOTE: https://github.com/uutils/coreutils/pull/10582
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/42b2ad83cdcf6e959ecb378c5040c60d9c64becf
 (0.6.0)
 CVE-2026-35360 (The touch utility in uutils coreutils is vulnerable to a 
Time-of-Check ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10019
@@ -8271,7 +8271,7 @@ CVE-2026-35355 (The install utility in uutils coreutils 
is vulnerable to a Time-
        NOTE: https://github.com/uutils/coreutils/pull/10067
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/b5bbabc18a1121908848d836f869a4e98eb63886
 (0.6.0)
 CVE-2026-35354 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists 
in the mv ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10014
@@ -8282,12 +8282,12 @@ CVE-2026-35353 (The mkdir utility in uutils coreutils 
incorrectly applies permis
        NOTE: https://github.com/uutils/coreutils/pull/10036
        NOTE: Fixed by; 
https://github.com/uutils/coreutils/commit/037b9583bc03d814e8516df54ebcda6f681fe1f8
 (0.6.0)
 CVE-2026-35352 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists 
in the m ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10020
 CVE-2026-35351 (The mv utility in uutils coreutils fails to preserve file 
ownership du ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/9714
@@ -8305,7 +8305,7 @@ CVE-2026-35349 (A vulnerability in the rm utility of 
uutils coreutils allows a b
        NOTE: https://github.com/uutils/coreutils/pull/9706
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/5e5968cdbc6618acd6c2402a8a98b503f278835e
 (0.7.0)
 CVE-2026-35348 (The sort utility in uutils coreutils is vulnerable to a 
process panic  ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/9696
@@ -8345,7 +8345,7 @@ CVE-2026-35342 (The mktemp utility in uutils coreutils 
fails to properly handle
        NOTE: https://github.com/uutils/coreutils/pull/10566
        NOTE: Fixed by (merge): 
https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51
 (0.6.0)
 CVE-2026-35341 (A vulnerability in uutils coreutils mkfifo allows for the 
unauthorized ...)
-       - rust-coreutils 0.8.0-1 (bug #1134876)
+       - rust-coreutils <unfixed>
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10020



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a35a2ba939156059ec3a88d0327c1c55fb557

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a35a2ba939156059ec3a88d0327c1c55fb557
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Some rust-coreutils issues remianed with open status upstream yet

Reply via email to