Skip to content

[stable] Update point release to fix CVE-2023-38497 #114410

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 3, 2023
Merged

[stable] Update point release to fix CVE-2023-38497 #114410

merged 2 commits into from
Aug 3, 2023

Conversation

pietroalbini
Copy link
Member

This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version.

r? @ghost
cc @rust-lang/release

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-release Relevant to the release subteam, which will review and decide on the PR/issue. labels Aug 3, 2023
@rustbot
Copy link
Collaborator

rustbot commented Aug 3, 2023

Some changes occurred in src/tools/cargo

cc @ehuss

@pietroalbini
Copy link
Member Author

@bors r+ p=1000 rollup=never

@bors
Copy link
Collaborator

bors commented Aug 3, 2023

📌 Commit 64611e1 has been approved by pietroalbini

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 3, 2023
@pietroalbini pietroalbini mentioned this pull request Aug 3, 2023
Merged
@bors
Copy link
Collaborator

bors commented Aug 3, 2023

⌛ Testing commit 64611e1 with merge eb26296...

@bors
Copy link
Collaborator

bors commented Aug 3, 2023

💥 Test timed out

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Aug 3, 2023
@pietroalbini
Copy link
Member Author

@bors retry

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 3, 2023
@bors
Copy link
Collaborator

bors commented Aug 3, 2023

⌛ Testing commit 64611e1 with merge 792c9bcac96b57cb3356f8851aa152e7453cff0a...

@pietroalbini pietroalbini merged commit eb26296 into rust-lang:stable Aug 3, 2023
@rustbot rustbot added this to the 1.71.1 milestone Aug 3, 2023
@pietroalbini pietroalbini deleted the pa-cve-2023-38497-stable branch August 3, 2023 16:55
@pietroalbini
Copy link
Member Author

Manually pushed eb26296b556cef10fb713a38f3d16b9886080f26 to stable: it timed out on the bors side, but the Ci build finished successfully, so we have full artifacts for it.

@rust-log-analyzer
Copy link
Collaborator

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-release Relevant to the release subteam, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.71.1
Development

Successfully merging this pull request may close these issues.
4 participants
@pietroalbini @rustbot @bors @rust-log-analyzer