Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[beta] Fix CVE-2021-42574 #90461

Merged
merged 2 commits into from
Nov 1, 2021
Merged

[beta] Fix CVE-2021-42574 #90461

merged 2 commits into from
Nov 1, 2021

Conversation

pietroalbini
Copy link
Member

This PR implements new lints to mitigate the impact of CVE-2021-42574, caused by the presence of bidirectional-override Unicode codepoints in the compiled source code. See the advisory for more information about the vulnerability.

The changes in this PR will be released in tomorrow's beta release.

@rust-highfive
Copy link
Collaborator

r? @michaelwoerister

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive
Copy link
Collaborator

⚠️ Warning ⚠️

  • Pull requests are usually filed against the master branch for this repo, but this one is against beta. Please double check that you specified the right target!

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 1, 2021
@pietroalbini
Copy link
Member Author

The fix was developed by @estebank and reviewed by @nikomatsakis out of band.

@bors r=nikomatsakis p=500 rollup=never

@bors
Copy link
Contributor

bors commented Nov 1, 2021

📌 Commit a59d96e has been approved by nikomatsakis

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Nov 1, 2021
@bors
Copy link
Contributor

bors commented Nov 1, 2021

⌛ Testing commit a59d96e with merge 7ff55cddaa3cb0547f4307de21fcbcbadb7507e5...

@Mark-Simulacrum
Copy link
Member

@bors retry prioritize stable build

@rust-log-analyzer
Copy link
Collaborator

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

@bors
Copy link
Contributor

bors commented Nov 1, 2021

⌛ Testing commit a59d96e with merge 708d57e...

@bors
Copy link
Contributor

bors commented Nov 1, 2021

☀️ Test successful - checks-actions
Approved by: nikomatsakis
Pushing 708d57e to beta...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Nov 1, 2021
@bors bors merged commit 708d57e into rust-lang:beta Nov 1, 2021
@rustbot rustbot added this to the 1.57.0 milestone Nov 1, 2021
@pietroalbini pietroalbini deleted the bidi-beta branch November 1, 2021 10:54
@JeffBezanson JeffBezanson mentioned this pull request Nov 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@michaelwoerister michaelwoerister

Labels
merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.57.0
Development

Successfully merging this pull request may close these issues.
8 participants
@pietroalbini @rust-highfive @bors @Mark-Simulacrum @rust-log-analyzer @michaelwoerister @rustbot @estebank