Skip to content

Commit eb26296

Browse files
borsbors
committed
Auto merge of #114410 - pietroalbini:pa-cve-2023-38497-stable, r=pietroalbini
[stable] Update point release to fix CVE-2023-38497 This PR fixes CVE-2023-38497 on stable, by updating Cargo to a fixed version. r? `@ghost` cc `@rust-lang/release`
2 parents 7c79013 + 64611e1 commit eb26296

File tree

2 files changed

+2
-1
lines changed

2 files changed

+2
-1
lines changed

RELEASES.md

+1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
Version 1.71.1 (2023-08-03)
22
===========================
33

4+
- [Fix CVE-2023-38497: Cargo did not respect the umask when extracting dependencies](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87)
45
- [Fix bash completion for users of Rustup](https://github.com/rust-lang/rust/pull/113579)
56
- [Do not show `suspicious_double_ref_op` lint when calling `borrow()`](https://github.com/rust-lang/rust/pull/112517)
67
- [Fix ICE: substitute types before checking inlining compatibility](https://github.com/rust-lang/rust/pull/113802)

src/tools/cargo

0 commit comments

Comments
 (0)