Search CVE reports
1 – 3 of 3 results
Some fixes available 34 of 53
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-tar | Not affected | Fixed | Fixed | Needs evaluation | — |
| rustc | Not in release | Fixed | Fixed | Needs evaluation | Needs evaluation |
| rustc-1.62 | Not in release | Not in release | Fixed | — | — |
| rustc-1.74 | Not in release | Fixed | Not in release | — | — |
| rustc-1.76 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.77 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.78 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.79 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.80 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.81 | Not in release | Fixed | Fixed | — | — |
| rustc-1.82 | Not in release | Fixed | Fixed | — | — |
| rustc-1.83 | Not in release | Fixed | Fixed | — | — |
| rustc-1.84 | Not in release | Fixed | Fixed | — | — |
| rustc-1.85 | Not in release | Fixed | Fixed | — | — |
| rustc-1.88 | Not in release | Not in release | Not in release | — | — |
| rustc-1.89 | Not in release | Fixed | Fixed | — | — |
| rustc-1.91 | Not affected | Fixed | Fixed | — | — |
| rustc-1.92 | Not affected | Not in release | Not in release | — | — |
| rustc-1.93 | Not affected | Not in release | Not in release | — | — |
| cargo | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-cargo-c | Not affected | Needs evaluation | Not in release | — | — |
| rust-async-tar | Not in release | Needs evaluation | Not in release | — | — |
| rust-astral-tokio-tar | Needs evaluation | Not in release | Not in release | — | — |
Some fixes available 6 of 11
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...
3 affected packages
rust-cargo, rustc, cargo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-cargo | Not affected | Vulnerable | Fixed | Not in release | Ignored |
| rustc | Not in release | Fixed | Not affected | Not affected | Not affected |
| cargo | Not in release | Not in release | Fixed | Fixed | Fixed |
Some fixes available 4 of 8
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to...
2 affected packages
cargo, rust-cargo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not in release | Fixed | Fixed | Vulnerable |
| rust-cargo | Not affected | Not affected | Vulnerable | Not in release | Not in release |