Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2020-0146: arr! macro erases lifetimes #42

Closed
github-actions bot opened this issue Mar 2, 2021 · 1 comment
Closed

RUSTSEC-2020-0146: arr! macro erases lifetimes #42

github-actions bot opened this issue Mar 2, 2021 · 1 comment

Comments

@github-actions
Copy link

github-actions bot commented Mar 2, 2021

arr! macro erases lifetimes

Details
Package generic-array
Version 0.12.3
URL fizyk20/generic-array#98
Date 2020-04-09
Patched versions >=0.14.0
Unaffected versions <0.8.0

Affected versions of this crate allowed unsoundly extending
lifetimes using arr! macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.
@evgeniy-r
Copy link
Member

evgeniy-r commented Mar 6, 2021
edited
Loading

tera depends on pest_meta which depends on sha-1:0.8 which depends on block-buffer:0.7.3 and digest:0.8.1 which depends on the old version of generic-array.

pest team fixed it, but doesn't release yet:
pest-parser/pest@4fcdcfb

@evgeniy-r evgeniy-r mentioned this issue May 20, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@evgeniy-r