Vulnerabilities in futures-task and futures-util

tastytea <tastytea@tastytea.de>

Details

Message ID: <20210907114220.294b6912@ventiloplattform.tastytea.de>
DKIM signature: missing

Download raw message

3 years ago

Hi, I'm making a gentoo ebuild with cargo-ebuild[1], and it informed me
of 2 vulnerabilities in your dependencies:

Crate:    futures-task
Version:  0.3.5
Title:    futures_task::waker may cause a use-after-free if used on a
          type that isn't 'static 
Date:     2020-09-04
ID:       RUSTSEC-2020-0060
URL:      https://rustsec.org/advisories/RUSTSEC-2020-0060
Solution: Upgrade to >=0.3.6

Crate:    futures-util
Version:  0.3.5
Title:    MutexGuard::map can cause a data race in safe code
Date:     2020-10-22
ID:       RUSTSEC-2020-0059
URL:      https://rustsec.org/advisories/RUSTSEC-2020-0059
Solution: Upgrade to >=0.3.7

Kind regards, tastytea

[1] https://gitweb.gentoo.org/proj/cargo-ebuild.git

Julien Blanchard <julien@typed-hole.org>

Details

Message ID: <c1f0ec05-5cc1-81b2-ae8a-0c8d86d40185@typed-hole.org>
In-Reply-To: <20210907114220.294b6912@ventiloplattform.tastytea.de> (view parent)
DKIM signature: missing

Download raw message

3 years ago

Thanks! I just pushed an update of Castor crates, that should fix it.

~julienxx/castor

Vulnerabilities in futures-task and futures-util