From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UXC6Opes7WFGnAAAgWs5BA (envelope-from ) for ; Sun, 23 Jan 2022 20:29:27 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id 4MuBNpes7WEweAEAauVa8A (envelope-from ) for ; Sun, 23 Jan 2022 20:29:27 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 756143098E for ; Sun, 23 Jan 2022 20:29:27 +0100 (CET) Received: from localhost ([::1]:55046 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nBiYH-0005St-Q2 for larch@yhetil.org; Sun, 23 Jan 2022 14:29:25 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49782) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nBiXv-0005SF-RC for guix-patches@gnu.org; Sun, 23 Jan 2022 14:29:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:48413) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nBiXu-00010T-6u for guix-patches@gnu.org; Sun, 23 Jan 2022 14:29:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nBiXt-0005e2-TE for guix-patches@gnu.org; Sun, 23 Jan 2022 14:29:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#53461] [kiasoc5@tutanota.com: Rust CVE] Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 23 Jan 2022 19:29:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 53461 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Maxim Cournoyer Cc: 53461@debbugs.gnu.org Received: via spool by 53461-submit@debbugs.gnu.org id=B53461.164296614021691 (code B ref 53461); Sun, 23 Jan 2022 19:29:01 +0000 Received: (at 53461) by debbugs.gnu.org; 23 Jan 2022 19:29:00 +0000 Received: from localhost ([127.0.0.1]:41316 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nBiXs-0005dn-M0 for submit@debbugs.gnu.org; Sun, 23 Jan 2022 14:29:00 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:34581) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nBiXq-0005dZ-Mu for 53461@debbugs.gnu.org; Sun, 23 Jan 2022 14:28:59 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 4D26B5C003B; Sun, 23 Jan 2022 14:28:52 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sun, 23 Jan 2022 14:28:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=mesmtp; bh=65Cd/j4WkC07ilX4OoZQsddN2Un l3h69y28G3+ycBbs=; b=Rs/Ag/FD5nWNB9GvADBHXZumyRArUd7Thfwg+UBYezV g/PPmMEpXIz3YhTMl8xnk0/2jJ2/5sQW/b/XL1H/dUMeoz1Czm8ukq07+FfrqU9u U1Z5QVTBOrpzrCwgW7+VStuA/aT4KmXgy+dQBCVaIbLCy8mc3AWy/kkTl/Lh8Qk0 = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=65Cd/j4WkC07ilX4O oZQsddN2Unl3h69y28G3+ycBbs=; b=CWpET67ubbPi/eiOFyV+4fUNuOFW701kE 3kk9g2Wx3E1xeGIl/RO6YlcsGObcviNe1YT8gMNxrNzuKMcl6GEp3+F/bmjuqc6+ ROoQ9HnzLQ7lxLblmfZIHO6iTCXovnWi5a5LlcLQ5a3qm0SM5qTZPR58lqJRvvXL xHmQrpptQlXQXrooGrUsSqy8+HKfvLxRIJAT8mSvDgTkMnB6DIZbEmNsH2Why0Y5 EZt4UIMjMF8IFyFU28EnoU75sJ/Wq/KyLyNt11o1tk8V5t3SzDpQM/v6azGAs9F1 BtS5Qt+Q8yaSaljZZTJl+V959vMBegMU/dFuNH5j5gQLEEYW0MBLg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdeggdduvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefnvghoucfh rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth gvrhhnpeeukeektdffvddtudegjeegtdevhfeufeeivdejiedtieegtdevjedvjeehffev gfenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg hosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 23 Jan 2022 14:28:52 -0500 (EST) Date: Sun, 23 Jan 2022 14:28:50 -0500 From: Leo Famulari Message-ID: References: <87ilub6s7z.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ilub6s7z.fsf@gmail.com> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1642966167; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=65Cd/j4WkC07ilX4OoZQsddN2Unl3h69y28G3+ycBbs=; b=B4+q9NNT7L6qmUtAymD+ZyZZk8XM+hcB7qflAOtxINkJxFV6vxnMWAX4cP2dQfITeEsJb9 kfHgTp+NTwAMZj8y8dCKGQeh4zTjHbEnT97sik3fvBYoELK/GwMCx8bqdGPM2Tunw5TfDY vJHe2xNAn542/ln+6xLLiIoHEciw4caQVI/IuY1luu+QCApL8HdyzrLgq8ytzVz0x8iXeQ uwyyG7SW05LuXXX9bbhdy8lo+uE8b7hnWeGnveHxoKa6iw9WGYSY7Xql0yAByqw7zeZQ/M K7xpwP7kSANniu8O/BVKOjnfeeSNG59WkgRAA85gBjqB7lUc6Z+BqNAo3iqquQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1642966167; a=rsa-sha256; cv=none; b=syjs0DhQ7Ux+rQVIa45cHS/bccdR+A86atODV1GpCxv8Y8BS/kQzlXScmERbLAv5dD8aa2 jVrf+QU6TGPFRepn+XtOgF/uqqWBWmik116FYs/SE6414cQ99glI7P66uFwiDYLzLUhAk6 tGWjdP6ZjVyNz43qG55Ubv5rt7pue3ZB8AAn/asIebZbzJNy12qPMc9el3s6SHZ6jTVr83 HgzQpdkqDHnW/655kZyrsfRrW/LvrE2fkCrwTLZVvpiLqyiRwqZ9e304C8Ivc6fPgSTl7c 9FSxiHjppCP6BfyQVoD3alK8J6QdntZlAMkS0YCOtyyu7sMhz+j5343dAwWyOw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b="Rs/Ag/FD"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm1 header.b=CWpET67u; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.63 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b="Rs/Ag/FD"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm1 header.b=CWpET67u; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 756143098E X-Spam-Score: -3.63 X-Migadu-Scanner: scn0.migadu.com X-TUID: troQ00sj7JUD On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote: > The rust-1.57 variable should probably be made private or hidden now. > > Also, unless we rebuild all crates with rust-1.58, it seems to me like > we won't be addressing the problem, as the CVE touches the > 'remove_dir_all' procedure part of the standard library of Rust (and we > all know Rust likes to build things statically). > > Am I missing something? I don't know about Rust things! I just forwarded this message from the private list to the public list.