Skip to content

[beta] Fix CVE-2021-42574 #90461

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 1, 2021
Merged

[beta] Fix CVE-2021-42574 #90461

merged 2 commits into from
Nov 1, 2021

Conversation

pietroalbini
Copy link
Member

This PR implements new lints to mitigate the impact of CVE-2021-42574, caused by the presence of bidirectional-override Unicode codepoints in the compiled source code. See the advisory for more information about the vulnerability.

The changes in this PR will be released in tomorrow's beta release.

@rust-highfive
Copy link
Contributor

r? @michaelwoerister

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive
Copy link
Contributor

⚠️ Warning ⚠️

  • Pull requests are usually filed against the master branch for this repo, but this one is against beta. Please double check that you specified the right target!

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 1, 2021
@pietroalbini
Copy link
Member Author

The fix was developed by @estebank and reviewed by @nikomatsakis out of band.

@bors r=nikomatsakis p=500 rollup=never

@bors
Copy link
Collaborator

bors commented Nov 1, 2021

📌 Commit a59d96e has been approved by nikomatsakis

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Nov 1, 2021
@bors
Copy link
Collaborator

bors commented Nov 1, 2021

⌛ Testing commit a59d96e with merge 7ff55cddaa3cb0547f4307de21fcbcbadb7507e5...

@Mark-Simulacrum
Copy link
Member

@bors retry prioritize stable build

@rust-log-analyzer
Copy link
Collaborator

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

@bors
Copy link
Collaborator

bors commented Nov 1, 2021

⌛ Testing commit a59d96e with merge 708d57e...

@bors
Copy link
Collaborator

bors commented Nov 1, 2021

☀️ Test successful - checks-actions
Approved by: nikomatsakis
Pushing 708d57e to beta...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Nov 1, 2021
@bors bors merged commit 708d57e into rust-lang:beta Nov 1, 2021
@rustbot rustbot added this to the 1.57.0 milestone Nov 1, 2021
@pietroalbini pietroalbini deleted the bidi-beta branch November 1, 2021 10:54
@JeffBezanson JeffBezanson mentioned this pull request Nov 3, 2021
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees

@michaelwoerister michaelwoerister

Labels
merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.57.0
Development

Successfully merging this pull request may close these issues.
8 participants
@pietroalbini @rust-highfive @bors @Mark-Simulacrum @rust-log-analyzer @michaelwoerister @rustbot @estebank