Source: rust-crossbeam-deque
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for rust-crossbeam-deque.

CVE-2021-32810[0]:
| crossbeam-deque is a package of work-stealing deques for building task
| schedulers when programming in Rust. In versions prior to 0.7.4 and
| 0.8.0, the result of the race condition is that one or more tasks in
| the worker queue can be popped twice instead of other tasks that are
| forgotten and never popped. If tasks are allocated on the heap, this
| can cause double free and a memory leak. If not, this still can cause
| a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`,
| or `Stealer::steal_batch_and_pop` are affected by this issue. This has
| been fixed in crossbeam-deque 0.8.1 and 0.7.4.

https://rustsec.org/advisories/RUSTSEC-2021-0093.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32810
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810

Please adjust the affected versions in the BTS as needed.
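
A lockfile check for the version ranges named in the report, as an added example that is not part of the original message or of crossbeam's own code. It assumes a Cargo.lock in the usual `[[package]]` layout and reads the advisory as affecting everything below 0.7.4 plus 0.8.x below 0.8.1; the function names and the sample lockfile are constructed for illustration.

```rust
// Added example: flag crossbeam-deque entries in Cargo.lock text that fall in
// the affected range (below 0.7.4, or 0.8.x below 0.8.1).

/// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Fixed releases per the advisory are 0.7.4 and 0.8.1.
fn is_affected(v: (u64, u64, u64)) -> bool {
    v < (0, 7, 4) || (v >= (0, 8, 0) && v < (0, 8, 1))
}

/// Return the affected crossbeam-deque versions found in Cargo.lock contents.
fn affected_versions(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_target = false; // inside a crossbeam-deque [[package]] entry
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if line == "name = \"crossbeam-deque\"" {
            in_target = true;
        } else if in_target {
            let v = line.strip_prefix("version = \"").and_then(|r| r.strip_suffix('"'));
            if let Some(v) = v.filter(|v| parse_version(v).map_or(false, is_affected)) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile fragment (not from any real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "crossbeam-deque"
version = "0.7.3"
[[package]]
name = "crossbeam-deque"
version = "0.8.0"
[[package]]
name = "crossbeam-deque"
version = "0.8.1"
"#;

fn main() {
    println!("affected: {:?}", affected_versions(SAMPLE_LOCK));
}
```

A dependency tree can carry both the 0.7 and 0.8 lines at once, so every matching entry is reported rather than only the first.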