According to servo/rust-smallvec#353, there was a memory corruption in smallvec 2.0.0-alpha.5. I didn't check the range of affected versions, although that bug report mentions that:
> Smallvec 1.x works fine.
I don't know what the policy is for vulnerabilities in pre-release versions, but given that smallvec is used a lot (and the 2.0.0-alpha.x branch already has 8 reverse dependencies according to https://lib.rs/crates/smallvec/rev), it may be worth recording that in the advisory database.
Perhaps using the version range >= 2.0.0 <= 2.0.0-alpha.5 to be conservative (I'm not sure how the tool works w.r.t. version suffixes)?
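The range `>= 2.0.0 <= 2.0.0-alpha.5` turns on how pre-release suffixes are ordered. The following added example (not from the issue, from smallvec, or from the advisory tooling) implements plain SemVer 2.0.0 precedence in Rust and checks sample versions against inclusive bounds. It assumes a matcher that applies spec precedence only; the `2.0.0-0` lower bound and the sample versions are constructed for illustration and say nothing about which releases are affected.

```rust
use std::cmp::Ordering;

// Numeric core plus pre-release identifiers; build metadata has no effect on precedence.
struct Version { core: [u64; 3], pre: Vec<String> }

fn parse(s: &str) -> Option<Version> {
    let s = s.split('+').next()?;
    let (core_s, pre_s) = s.split_once('-').unwrap_or((s, ""));
    let n: Vec<u64> = core_s.split('.').map(|x| x.parse::<u64>().ok()).collect::<Option<_>>()?;
    if n.len() != 3 { return None; }
    let pre: Vec<String> = pre_s.split('.').filter(|p| !p.is_empty()).map(String::from).collect();
    Some(Version { core: [n[0], n[1], n[2]], pre })
}

// SemVer 2.0.0 section 11: numeric identifiers compare as numbers and sort below alphanumeric ones.
fn cmp_ident(a: &str, b: &str) -> Ordering {
    match (a.parse::<u64>(), b.parse::<u64>()) {
        (Ok(x), Ok(y)) => x.cmp(&y),
        (Ok(_), Err(_)) => Ordering::Less,
        (Err(_), Ok(_)) => Ordering::Greater,
        (Err(_), Err(_)) => a.cmp(b),
    }
}

fn precedence(a: &Version, b: &Version) -> Ordering {
    a.core.cmp(&b.core).then_with(|| match (a.pre.is_empty(), b.pre.is_empty()) {
        (true, true) => Ordering::Equal,
        (true, false) => Ordering::Greater, // a release outranks its own pre-releases
        (false, true) => Ordering::Less,
        (false, false) => a.pre.iter().zip(&b.pre)
            .map(|(x, y)| cmp_ident(x, y))
            .find(|o| *o != Ordering::Equal)
            .unwrap_or_else(|| a.pre.len().cmp(&b.pre.len())),
    })
}

// Inclusive bounds, as in the range quoted in the issue. None means a version failed to parse.
fn in_range(v: &str, lower: &str, upper: &str) -> Option<bool> {
    let (v, lo, hi) = (parse(v)?, parse(lower)?, parse(upper)?);
    Some(precedence(&lo, &v) != Ordering::Greater && precedence(&v, &hi) != Ordering::Greater)
}

fn main() {
    // Constructed sample versions; "2.0.0-0" is an illustrative lowest-pre-release bound.
    for v in &["1.11.0", "2.0.0-alpha.1", "2.0.0-alpha.5", "2.0.0-alpha.6", "2.0.0"] {
        println!("{:<14} as written: {:?}  from 2.0.0-0: {:?}", v,
            in_range(v, "2.0.0", "2.0.0-alpha.5"), in_range(v, "2.0.0-0", "2.0.0-alpha.5"));
    }
}
```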